SSP Generation

This page is a powerful tool designed to assist you in creating a System Security Plan (SSP) effortlessly.

The primary purpose of the SSP Generation page is to facilitate the creation of a System Security Plan (SSP). An SSP is a crucial document that outlines your organization's security policies, procedures, and controls to ensure compliance with NIST 800-171 or CMMC requirements.

One of the key advantages of the SSP Generation feature is the ability to generate the SSP in the OSCAL format. OSCAL is a machine-readable format that allows the SSP document to be used for machine-to-machine communication. This means that you can easily share information about your security policies and controls in an automated manner.

info

NIST, in collaboration with industry, is developing the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML.

Source: OSCAL - Open Security Controls Assessment Language

In addition to OSCAL, the SSP can also be generated in a WORD format, which is suitable for human consumption. This flexibility ensures that you can meet the needs of both automated systems and human stakeholders.

To generate the SSP, click the Generate SSP button. This opens a modal where you choose between the two formats (OSCAL or WORD). After selecting the file type, click Generate. The software will generate the SSP in the desired format.

It's important to note that the document generated using this feature is a subset of an SSP. While it includes essential information about your security policies and controls, it may not cover the entire scope of your organization's security measures. Be sure to review the generated SSP and make any necessary additions or modifications to ensure it aligns with your specific needs and requirements.
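One way to support that review for the OSCAL output is sketched below as an added example; it is not part of the product or its documentation. It reports which top-level assemblies required by the OSCAL SSP model are absent from a JSON file and which expected controls have no implemented-requirement entry. The function name, the sample document and the control ids (`ctl-1` to `ctl-3`) are constructed placeholders.

```python
import json

# Top-level assemblies that the OSCAL SSP model requires inside
# "system-security-plan" (in addition to the document uuid).
REQUIRED_SECTIONS = (
    "metadata",
    "import-profile",
    "system-characteristics",
    "system-implementation",
    "control-implementation",
)

def review_ssp(oscal_text, expected_controls):
    """Return (missing_sections, missing_controls) for an OSCAL SSP in JSON."""
    doc = json.loads(oscal_text)
    ssp = doc.get("system-security-plan") if isinstance(doc, dict) else None
    if not isinstance(ssp, dict):
        raise ValueError("not an OSCAL SSP: no 'system-security-plan' object")
    missing_sections = [s for s in REQUIRED_SECTIONS if not ssp.get(s)]
    impl = ssp.get("control-implementation") or {}
    present = {r.get("control-id") for r in impl.get("implemented-requirements", [])}
    return missing_sections, sorted(set(expected_controls) - present)

# Constructed sample: a partial SSP with no system-implementation section
# and no entry for the placeholder control "ctl-2".
EXPECTED = ["ctl-1", "ctl-2", "ctl-3"]
SAMPLE = json.dumps({
    "system-security-plan": {
        "uuid": "00000000-0000-4000-8000-000000000001",
        "metadata": {"title": "Constructed sample SSP"},
        "import-profile": {"href": "#placeholder-profile"},
        "system-characteristics": {"system-name": "Sample System"},
        "control-implementation": {
            "description": "Constructed sample",
            "implemented-requirements": [
                {"uuid": "00000000-0000-4000-8000-000000000002", "control-id": "ctl-1"},
                {"uuid": "00000000-0000-4000-8000-000000000003", "control-id": "ctl-3"},
            ],
        },
    }
})

if __name__ == "__main__":
    sections, controls = review_ssp(SAMPLE, EXPECTED)
    print("Missing sections:", sections)
    print("Controls without an implemented-requirement:", controls)
```

Replace `EXPECTED` with the control ids your assessment scope actually requires before running it against a real export.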

info

NIST has not yet released an official System Security Plan (SSP) specifically tailored to NIST 800-171. The SSP generated by ASCERA is based on the NIST 800-53 SSP as a reference, serving as an approximation of what may be expected in an official NIST 800-171 SSP in the future.