Security

SSPSystem Security Plan

A formal document describing the security controls in place or planned for a system, including the system boundary, environment, and how each NIST 800-171 requirement is satisfied.

Related Terms

NIST SP 800-171

The NIST standard specifying 110 security requirements for protecting CUI in non-federal systems. Forms the basis of CMMC Level 2 and DFARS 252.204-7012 compliance.

POA&M

A document identifying security weaknesses, the planned remediation actions, required resources, and scheduled completion dates for achieving full compliance.

CMMC

A DoD framework requiring defense contractors to meet specific cybersecurity standards before handling federal contract information.

Related Guides

CMMC Compliance Guide→

← Back to Glossary