As part of Federal Information Security Management Act (FISMA) compliance, and as a critical element of the Certification and Accreditation (C&A) process, organizations must develop a System Security Plan (SSP) for their Major Applications (MA) and General Support Systems (GSS). The SSP articulates the security controls that are meant to be in place in an MA or GSS to address the numerous threats to the security of that particular IT asset. TDI understands that proper definition of the SSP lays the foundation for future testing of these controls, typically via a Security Test and Evaluation (ST&E). This practice has great merit for application in the public sector as well.

TDI works with organizations to ensure that the SSP is both compliant and clearly defines the security controls that will be tested to ensure they are effective in their application. In short, we understand that Audits/C&A ST&E activities function far more smoothly when the supporting SSP documentation adequately addresses the sought-after requirements and controls. TDI will help you develop SSPs for your MAs and GSSs to ensure that C&A efforts and audits conducted in your organization are beneficial to you and not an impediment to your organization's progress. Our cyber security professionals are well versed in NIST security standards and guidelines, and can help guide you through planning, development, and implementation of a compliant SSP.