CA.L2-3.12.4 System Security Plan

Control Description

Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your policy for developing and maintaining system security plans?
  • Who is responsible for creating and updating SSPs?
  • How often do you review and update system security plans?
  • What is your approval process for SSPs and SSP updates?
  • How do you ensure SSPs accurately reflect current system implementations?

Technical Implementation:

  • What tools do you use to create and maintain SSPs?
  • How do you track changes to SSPs over time (version control)?
  • What system diagrams and network maps are included in SSPs?
  • How do you export and generate SSP documents?
  • What tools help ensure SSPs are comprehensive and accurate?

Evidence & Documentation:

  • What system security plans (SSPs) document security controls?
  • What assessment reports demonstrate control testing?
  • What POA&M documents track remediation of deficiencies?
  • What continuous monitoring reports show ongoing control effectiveness?
  • What assessment procedures and test plans can you provide?
  • What evidence shows assessments are conducted by qualified personnel?
