Date Published: June 2018
Planning Note (6/13/2018):
Documentation > Supplemental Material > CUI SSP template:
** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.
Ron Ross (NIST), Kelley Dempsey (NIST), Victoria Pillitteri (NIST)
Keywords assessment; assessment method; assessment object; assessment procedure; assurance; basic security requirement; Controlled Unclassified Information; coverage; CUI Registry; depth; derived security requirement; Executive Order 13556; FISMA; NIST Special Publication 800-53; NIST Special Publication 800-53A; nonfederal organization; nonfederal system; security assessment; security control