System Security Plans are the single most fundamental documents underpinning cybersecurity compliance for defense contractors. But even after nearly 40 years of using SSPs for federal information systems there are essentially zero examples of what good looks like. Thankfully NIST is revising SP 800-18 guidance on developing SSPs and wants your comments. This is a crash course on SSPs so you can get caught up before the July 30th comment deadline.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

DFARS 7008: https://youtu.be/vgrRGIWboKc?si=g4vc5bKG6Y6G-DDo

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=ImBm-iI6mh3Xs1sF

DFARS 7019: https://youtu.be/7gW_82Cus7Y?si=LxB__5jeSuJMoL5C

NIST SP 800-18r2: https://csrc.nist.gov/pubs/sp/800/18/r2/ipd#:~:text=NIST%20Special%20Publication%20800%2D18r2,and%20mission%2Fbusiness%20process%20requirements.

NIST SP 800-18r1: https://csrc.nist.gov/pubs/sp/800/18/r1/final

The History of CMMC: https://youtu.be/jbY2irZ1ePg?si=_Ay66UqRUU9ShhJV