System Security Plans are the single most fundamental documents underpinning cybersecurity compliance for defense contractors. But even after nearly 40 years of using SSPs for federal information systems there are essentially zero examples of what good looks like. Thankfully NIST is revising SP 800-18 guidance on developing SSPs and wants your comments. This is a crash course on SSPs so you can get caught up before the July 30th comment deadline.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DFARS 7008: https://youtu.be/vgrRGIWboKc?si=g4vc5bKG6Y6G-DDo
DFARS 7012: https://youtu.be/cy4e28YAkXU?si=ImBm-iI6mh3Xs1sF
DFARS 7019: https://youtu.be/7gW_82Cus7Y?si=LxB__5jeSuJMoL5C
NIST SP 800-18r2: https://csrc.nist.gov/pubs/sp/800/18/r2/ipd#:~:text=NIST%20Special%20Publication%20800%2D18r2,and%20mission%2Fbusiness%20process%20requirements.
NIST SP 800-18r1: https://csrc.nist.gov/pubs/sp/800/18/r1/final
The History of CMMC: https://youtu.be/jbY2irZ1ePg?si=_Ay66UqRUU9ShhJV