NIST SP 800-171 Revision 2 & CMMC Related Templates
The following content is provided pro bono, no guarantees, and with no support to the Defense Industrial Base (DIB) to support their NIST SP 800-171 implementation, documentation, and preparation activities for a Cybersecurity Maturity Model Certification (CMMC) Conformity Assessment event.
The following documentation does presume the using organization follow a configuration management methodology as described in NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems.
If your organization is interested in Peak InfoSec supporting your use of these templates, please complete the form below.
Policies
Plans
System Security Plan (SSP)
When using the SSP templates below, we really recommend you watch the related As the CMMC Churns videos:
- As the CMMC Churns | Your SSP Sucks, Seriously.: This Churns video explains how you use our SSP templates
- As the CMMC Churns | The Three Types of Evidentiary Objects: This Churns video looks at the three main types of Examination Assess Objects enumerated in NIST SP 800-171A. This video also expounds on part of how to write an effective SSP.
- As the CMMC Churns | Assessors and Toddlers: This explains the Document Traceability Matrix
- As the CMMC Churns | Documenting Your Scope: How to create a scope diagram for your SSP
Social Contact