157NSSP Base

NIST System Security Plan

    Service Overview

    A System Security Plan is designed to help organizations align business risk to security objectives, technical security controls, and architecture. This plan provides visibility to regulatory compliance and a means to adjust within a continuously changing risk profile. This service will be conducted by a team of certified security experts with technical and business knowledge of security architecture, security controls, information technology, and business processes.

    Objectives

    The objectives of this initiative are as follows:

    • Formalize and document a written System Security Plan
    • Clearly define security control standards
    • Document a security architecture matrix for critical assets
    • Identify and document gaps between current state and future state
    • Develop and document a prioritized corrective action plan

    Methodology

    This System Security Plan engagement consists of the following phases:

    1. PLANNING - Preparation necessary to effectively execute the services, including:
      1. SUPPORTING DOCUMENTATION (PREREQUISITE) - DeepSeas will review the client's existing asset inventory.
      2. SCOPE DEFINITION - Identifying the assets that will be included in the process.
      3. SCHEDULE DEVELOPMENT - Scheduling, project plan creation and resource identification.
    2. DEVELOPMENT - DeepSeas will formalize and document a written System Security Plan that clearly defines security control standards in alignment with DFARS.
      1. WORKING SESSIONS - DeepSeas will conduct collaborative working sessions with key client stakeholders to define control standards and implementation procedures for each in-scope control.
    3. DOCUMENTATION - Documentation of all deliverables, including:
      1. System Security Plan
      2. Plan of Actions & Milestones (POA&M)

    Deliverables

    DeepSeas will produce the following deliverables:

    1. SYSTEM SECURITY PLAN - DeepSeas will deliver a single (1) System Security Plan that clearly defines the direction and expectations for the implementation, maintenance, and ownership of security controls.
    2. PLAN OF ACTIONS & MILESTONES - DeepSeas will deliver a prioritized Plan of Actions & Milestones (POA&M) that documents the gaps between the current state and the future state.

    Client Responsibilities

    The client is responsible for the completion of the following tasks, in accordance with the agreed-upon timelines established as part of the project plan.

    1. The client will assign a point of contact (POC) responsible for client coordination and logistics.
    2. The client is responsible for scheduling and coordinating internal client resources for all project work.