CMMC 1.0 Practice CA.2.157 Requirement:

Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

CMMC 1.0 CA.2.157 Requirement Explanation:

A system security plan describes your information system and how your company meets its security requirements.

Example CMMC 1.0 CA.2.157 Implementation:

Create a system security plan (SSP). Include a list of key personnel and roles responsible for your information system. Provide a high-level description of your system's primary purpose and functions. List common types of user roles and their associated permissions. Describe the type of data your information systems process (e.g., "Controlled Unclassified Information" (CUI)). Create a network diagram and write a description of it. Reference your hardware and software list in your SSP. List all of the security practices you need to implement. Describe how you have implemented or plan to implement them. Periodically (e.g., bi-annually) update your SSP to reflect any changes.

CMMC 1.0 CA.2.157 Scenario(s):

- Scenario 1:

You create a system security plan providing a high-level overview of your information system. You also specify your security requirements, how you have implemented some of them, and how you plan to implement the rest.
