Skip Navigation Links
MenuExpand
ASSIST
   Data updated: 21 Nov 2024. Home |  About Quick Search |  ASSIST |  ASSIST Updates Document Details
Document ID:   DI-MGMT-82247       Scroll down to access document images

Overview
Title:  Contractor’s Systems Security Plan And Associated Plans Of Action to Implement NIST SP 800-171 on a Contractor's Internal Unclassified Information System
Scope:  This Data Item Description (DID) contains the data content, format, and intended use of the Contractor's system security plan (or extracts thereof), to include any associated plans of action, addressing the Contractor’s internal unclassified information system(s).  When Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 is included in a contract for which covered defense information – as defined in DFARS Clause 252.204-7012 – will be processed, stored, or transmitted on an unclassified information system that is owned, or operated by or for, the Contractor, the Contractor shall develop, document, and periodically update a system security plan(s), to include any associated plans of action, for the Contractor’s internal unclassified information system in accordance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Security Requirement 3.12.4 of the NIST SP 800-171 requires that system security plans describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. Security Requirement 3.12.2 of the NIST SP 800-171 requires that plans of action describe how the Contractor will correct deficiencies and reduce or eliminate vulnerabilities in the Contractor’s unclassified information system. The system security plan (or extracts thereof) and any associated plans of action may be used by the government as input to an overall risk management decision to process, store, or transmit covered defense information on an unclassified information system that is owned, or operated by or for, the Contractor (i.e., Contractor's internal unclassified information system).
Status:  Active DID Date:  31-OCT-2018      
  Next Review Due:  30-OCT-2023
SCRE Doc Category:   Data Item Description  

Responsibilities
DID Approval Authority:  SO  Executive Agent for the Defense Standardization Program
  Preparing Activity: RS  Director Science & Technology Program Protection (STPP)
Coordination:  Full  

Revision History Click on column headings for a description of column content.

NOTE: It is recommended that you use Adobe Reader v7.0 or higher for optimal download performance; older versions should continue to work, but downloading large files may appear to take longer, so please be patient in those cases.

  About Quick Search  |  Contact Us  |  FAQ  |  ASSIST  |  Privacy and Security  |  Section 508 Compliance  |  Defense Standardization Program  
WARNING: UNAUTHORIZED ACCESS TO THIS UNITED STATES GOVERNMENT COMPUTER SYSTEM AND SOFTWARE IS PROHIBITED BY PUBLIC LAW 99-474 (THE COMPUTER FRAUD AND ABUSE ACT OF 1986) AND CAN RESULT IN ADMINISTRATIVE, DISCIPLINARY OR CRIMINAL PROCEEDINGS.