System Security Plan or SSP for SPRS

April 27, 2021

Many contractors filed a DoDAM score incorrectly on the SPRS site. In addition to the DoDAM score there were questions about the SSP. An SSP is compiled from a number of forms and reports such as Table of Contents Section 1 Site Data………………………………….. 4 Section 2 Network Data……………………….….. 29 Section 3 NIST 800-171 Compliance…………… 38 Section 4 NIST 800-53 Status……………………. 55 Section 5 NIST 800-53 Tasks .…….……… ……. 75 Section 6 Domain Reports…………………..…… 97 Section 7 Risk Chart………………………………103 Section 8 DoDAM Score………………………….104 Section 9 POAM……………………………………109 Absence of an SSP creates a NULL score no matter what else has been reported. Documentation of the SSP is critical.


Back to News