Based on customer demand, we developed an editable System Security Plan (SSP) template that is specifically designed for NIST 800-171 compliance. This template is available for immediate download.
The SSP is meant to be a "living document" that captures pertinent information on the controls implementation for NIST 800-171. Specifically, the SSP template covers all Controlled Unclassified Information (CUI) and Non-Federal Organization (NFO) controls that are listed in Appendices D and E of NIST 800-171.
The SSP can serve as a key element in your organization's cybersecurity program. It can stand alone or be paired with other specialized products we offer.
It is important to understand that there is no officially-sanctioned format for a System Security Plan (SSP) to meet NIST 800-171 compliance requirements. This template is based on SSP requirements that are used for other US government compliance requirements for SSPs, but it is tailored to document the entire Controlled Unclassified Information (CUI) environment for an organization.
A key concept to keep in mind with the SSP is that it should be complete enough for a reasonable person to pick up, read through and understand the following information:
The definition of CUI, in regards to the company’s operations. This is how CUI is defined in contracts.
Where CUI is stored, transmitted or processed.
What controls are in place to protect CUI as it is stored, transmitted and processed.
Any deficiencies that exist in protecting CUI, if applicable.
Remediation plans address known deficiencies, if applicable.
What Is The NIST 800-171 System Security Plan (SSP)?
Our products are one-time purchases with no software to install - you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The SSP contains the framework you need to document your Controlled Unclassified Information (CUI) environment, which is a requirement of NIST 800-171.
What Problem Does The SSP Solve?
Lack of In House Security Experience - Writing cybersecurity documentation is a skill that most cybersecurity professionals simply are not proficient at and avoid the task at all cost. Tasking your security analysts and engineers to write documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The SSP is an efficient method to obtain a quality SSP template for your organization!
Compliance Requirements As a DoD or US government contractor, having a SSP is a requirement of NIST 800-171.
How Does the SSP Solve It?
Clear Documentation - The SSP provides a comprehensive template to document your CUI environment. This equates to a time savings in staff and consultant expenses!
Time Savings - The SSP can provide your organization with a templated solution that requires minimal resources to fine tune for your organization's specific SSP needs.
Alignment With Leading Practices - The SSP is written to align with NIST 800-53 controls for NIST 800-171 compliance.
Product Example - NIST 800-171 SSP
Our customers choose the NIST 800-171 System Security Plan (SSP) because they:
Have a need for to document their Controlled Unclassified Information (CUI) environment
Need to be able to edit the SSP for their specific technology, staffing and other considerations
Have documentation that is directly linked to NIST 800-171
Need an affordable and timely solution to address not having a SSP
Don't take our word for it - take a look at the example below to see for yourself the level of professionalism and detail that went into it.
Cost Savings Estimate - NIST 800-171 System Security Plan (SSP)
The process of writing cybersecurity policies and standards can take an internal team many months and it involves pulling your most senior and experienced cybersecurity experts away from operational duties to assist in the process, which is generally not the most efficient use of their time.This also requires involvement from your internal team for quality control and answering questions, so the impact is not limited to just the consultant's time being consumed. In addition to the immense cost of hiring a cybersecurity consultant at $300/hr+ to write this documentation for you, the time to schedule a consultant, provide guidance and get the deliverable product can take months.
When you look at the costs associated with either hiring a consultant to write a SSP for you or tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Purchasing the SSP offers these clear advantages:
Compared to hiring a consultant, you can save thousands of dollars and immediately download your SSP template after purchasing it!
Compared to writing your own SSP, you can potentially save considerably and reduce the associated cost of lost productivity.
The SSP is an immediate download - you even get a Plan of Action & Milestones (POA&M) template at no additional cost!
When you factor in approximately 20+ hours of a cybersecurity consultant and the internal staff time to perform reviews and refinements with key stakeholders, purchasing a SSP from ComplianceForge is approximately 11% ($5,00+ savings) of the cost as compared to hiring a consultant to write it for you!
When you factor in 30+ hours of internal staff time to research, write and peer review cybersecurity documentation, purchasing a SSP from ComplianceForge is approximately 33% ($1,000+ savings) of the cost as compared to writing your own documentation!
Plan of Action & Milestones (POA&M) Template Included
At no additional cost, your purchase of the System Security Plan (SSP) template comes with a Microsoft Excel template for a Plan of Action and Milestones (POA&M) that is editable for your needs.