IAO-03—System Security & Privacy Plan (SSPP)

Weight: 7

>Control Description

Mechanisms exist to generate System Security & Privacy Plans (SSPPs), or similar document repositories, to identify and maintain key architectural information on each critical Technology Assets, Applications and/or Services (TAAS), as well as influence inputs, entities and TAAS, providing a historical record of the data and its origins.

>Control Description

>Cross-Framework Mappings

NIST SP 800-53 r5

SOC 2 TSC

CMMC v2.0

NIST SP 800-171

FedRAMP Rev 5

NIST AI RMF

EU AI Act

Canada ITSP 10.171

Australia ISM

EU AI Act (Detailed)

UK DEF STAN 05-138

SOC 2 TSC (Detailed)

GovRAMP

NIST SP 800-161

NIST SP 800-171 Rev 3

NIST SP 800-171A Rev 3

NIST SP 800-171A

NIST SP 800-172

Data Privacy Management Principles

FBI CJIS

Ask AI