The System Security Plan (SSP) is a specific NIST SP 800-171 Rev 2 requirement that describes either (1) how your company’s specified security requirements are currently met or (2) how the organization plans to meet them. The SSP also describes the company’s information system boundaries and its operational and technical environment, and details how security controls are implemented throughout the organization.
The Plan of Actions and Milestones (POAM) is another NIST SP 800-171 Rev 2 requirement that describes how identified deficiencies or gaps will be mitigated or remediated to meet security requirements. The POAM identifies prioritized remediation recommendations that support the company’s efforts toward full DFARS 7012 and NIST 800-171 cybersecurity compliance.
The Incident Response Plan is the final NIST SP 800-171 Rev 2 requirement that describes your company’s response to various types of cyber incidents. This plan should document your company’s Incident Response Team with roles and responsibilities, describe organizational incident-handling capabilities and resources, and provide procedures for identifying, tracking, documenting, and reporting incidents to the correct officials and/or authorities both internal and external to the company.
To inquire about G2 Ops’ SSP and POAM Support Services, call us at 757.965.8330 or contact us today.