Description: In-depth, comprehensive, professionally developed System Security and Privacy Plan (SSPP) for ensuring organizations fully document their ‘system’ as required by PL-2 of NIST SP 800-53, Revision 5. With Arlington, we offer a wide-range ofSystem Security Plan and System Security and Privacy Plan templatesfor LOW, MOD, and HIGH.
Note:The System Security and Privacy Plan (SSPP) differs from a traditional System Security Plan (SSP) in that it includes all requirements for all Privacy Control Baselines as put forth in NIST SP 800-53, Revision 5.
Per NIST, "When a system processes PII, the information security and privacy programs have a shared responsibility to manage the impacts to individuals that arise from security risks and collaborate to determine the security categorization and the selection and tailoring of controls from the security control baselines."
Therefore, if your system processes PII, it is advised to use an SSPP template over the traditional SSP template.
Specifications:Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.
Control Family: Planning (PL).
Security Control Baseline Coverage:Includes coverage for all HIGH Baseline, per NIST SP 800-53B (12-10-2020).
Direct Compliance Use:FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.