System Security Plan (SSP)

GPTKB entity

Statements (51)
Predicate Object
gptkbp:instanceOf security document
gptkbp:abbreviation System Security Plan
gptkbp:auditedBy security assessors
gptkbp:basisFor risk assessment
security assessment report (SAR)
gptkbp:contains personnel security
configuration management
access control
contingency planning
incident response procedures
security training
system description
security awareness
maintenance procedures
media protection
audit and accountability
physical and environmental protection
system and communications protection
system and information integrity
security categorization
control implementation summary
interconnection information
plan of action and milestones (POA&M)
gptkbp:describes security controls
gptkbp:documentation roles and responsibilities
implementation of controls
system boundaries
system environment
gptkbp:format may vary by organization
gptkbp:governedBy gptkb:NIST_SP_800-53A
gptkb:NIST_SP_800-37
gptkb:NIST_SP_800-18
https://www.w3.org/2000/01/rdf-schema#label System Security Plan (SSP)
gptkbp:purpose to delineate responsibilities
to describe the implementation of controls
to provide an overview of security requirements
gptkbp:relatedTo gptkb:security
gptkb:Risk_Management_Framework_(RMF)
continuous monitoring
gptkbp:requires gptkb:NIST_SP_800-53
gptkb:Federal_Information_Security_Management_Act_(FISMA)
gptkb:Authorization_to_Operate_(ATO)
gptkbp:reviewedBy authorizing official
gptkbp:updated periodically
gptkbp:usedBy federal agencies
contractors
gptkbp:usedIn information security
gptkbp:YouTubeChannel authorizing official
gptkbp:bfsParent gptkb:Authorization_to_Operate_(ATO)
gptkb:FedRAMP_Moderate
gptkbp:bfsLayer 7