A system security plan (SSP) is designed to provide an overview of the security requirements of the system and describe the controls in place or planned, as well as the responsibilities and expected behavior of all individuals who access the system. The SSP should be considered a documentation of the process for adequate, cost-effective security protection for a system. To build the plan, organizations should solicit feedback from stakeholders with responsibilities for the systems or parts of it. This may include owners of information, owners of the system itself, and the chief information security officer (CISO).
Would you like to generate System Security Plans at the touch of a button? Request a demo of Rsam's GRC platform