This video by Amira Armond / CMMCAudit.org is a free one hour training on how to create a high quality System Security Plan (SSP).
PLEASE NOTE: This video was recorded in mid-2021! It includes references to “CMMC Level 3” which was the standard for Controlled Unclassified Information back in 2021. CMMC now uses “Level 2” for protection of Controlled Unclassified Information. This does not significantly change how you write a system security plan. The #1 difference is that the NIST template with 800-171 requirements is MORE accurate now than it was when this video was recorded.
Why do we need a System Security Plan (SSP)?
Having a System Security Plan is required by NIST SP 800-171 , CMMC Level 2 and above. The NIST SP 800-171 DoD Self Assessment should not be performed without a system security plan, per DoD instructions.
Training for CMMC and NIST SP 800-171
This video is provided for educational and training purposes only. We highly recommend engaging with a qualified cybersecurity practitioner to create your system security plan and perform self assessments. In our opinion, only senior level IT professionals or intermediate level cybersecurity practitioners have the background necessary to fully understand the requirements in 800-171 and CMMC Level 2.
DoD CMMC website: https://dodcio.defense.gov/CMMC/
Thanks for watching and up-voting!
If this was helpful to you, please share this page or the video with others. If you see any wrong information, or want to add some tips, please comment!
V. Amira Armond (CISSP, CISA, PMP, MBA) is a computer systems architect, cyber-security consultant, and owner of Kieri Solutions LLC. Kieri Solutions LLC is in progress to become a CMMC assessment organization and has several Registered Practitioners and Certified Assessor candidates on staff. Amira is also the chief editor for cmmcaudit.org, a public resource for news and informational articles about the Cybersecurity Maturity Model Certification.