An SSP is a system security plan. It’s a formal document generated by the owner of the information system (or the owner of common security controls for inherited controls) that offers an overview of the system’s security needs and details the security controls in place or intended to fulfill those requirements.Other critical security-related papers can be included as supporting appendices or references in a plan, including risk assessments, privacy impact assessments, system interconnection agreements, contingency plans, configuration management plans, security configurations, and incident response plans.
Share this post
