Statements (51)
Predicate | Object |
---|---|
gptkbp:instanceOf | security document |
gptkbp:abbreviation | System Security Plan |
gptkbp:auditedBy | security assessors |
gptkbp:basisFor | risk assessment; security assessment report (SAR) |
gptkbp:contains | personnel security; configuration management; access control; contingency planning; incident response procedures; security training; system description; security awareness; maintenance procedures; media protection; audit and accountability; physical and environmental protection; system and communications protection; system and information integrity; security categorization; control implementation summary; interconnection information; plan of action and milestones (POA&M) |
gptkbp:describes | security controls |
gptkbp:documentation | roles and responsibilities; implementation of controls; system boundaries; system environment |
gptkbp:format | may vary by organization |
gptkbp:governedBy | gptkb:NIST_SP_800-53A; gptkb:NIST_SP_800-37; gptkb:NIST_SP_800-18 |
https://www.w3.org/2000/01/rdf-schema#label | System Security Plan (SSP) |
gptkbp:purpose | to delineate responsibilities; to describe the implementation of controls; to provide an overview of security requirements |
gptkbp:relatedTo | gptkb:security; gptkb:Risk_Management_Framework_(RMF); continuous monitoring |
gptkbp:requires | gptkb:NIST_SP_800-53; gptkb:Federal_Information_Security_Management_Act_(FISMA); gptkb:Authorization_to_Operate_(ATO) |
gptkbp:reviewedBy | authorizing official |
gptkbp:updated | periodically |
gptkbp:usedBy | federal agencies; contractors |
gptkbp:usedIn | information security |
gptkbp:YouTubeChannel | authorizing official |
gptkbp:bfsParent | gptkb:Authorization_to_Operate_(ATO); gptkb:FedRAMP_Moderate |
gptkbp:bfsLayer | 7 |