SSP Workshop @ CPPC23

Advanced System Security Plan Workshop

• Word Version of Parent SSP with Discussion Points - comment only [view file] 

Overview

One of the major challenges faced by institutions engaged in regulated research is determining how to align  their interpretation of controls with those of other institutions engaged in similar activities. Given the sensitive nature of implementation decisions and the varied resources available to institutions, the primary means of addressing this challenge is traditionally through internal teams or external consulting efforts. However, when teams have been heavily involved in the development and implementation of a System Security Plan, they may inadvertently overlook crucial details or overcommit themselves to additional and unnecessary effort  in their solutions.

This advanced, full-day workshop will focus on the creation of key components of a NIST 800-171 / CMMC Level 2 System Security Plan (SSP) through collaboration and expert input. Participants will learn if their peers share similar implementation strategies after discussing possible implementation strategies and depth of information shared. This workshop will produce a novel resource achieved from national experts finding consensus of implementation strategies and determining best practices. 

Workshop Output: This workshop will create a portion of a SSP, developed through consensus with peer experts and documentation of a select group of controls. 

Participants: Participants are expected to have significant knowledge and experience with writing or owning an SSP or implementing NIST 800-171 / CMMC Level 2 controls. Participation from an institution will be limited, thus allowing participation from many institutions.