Data updated: 08 Nov 2019.

Document Details

Document ID:  DI-MGMT-82247

Overview
Title:  Contractor’s Systems Security Plan And Associated Plans Of Action to Implement NIST SP 800-171 on a Contractor's Internal Unclassified Information System
Scope:  This Data Item Description (DID) contains the data content, format, and intended use of the Contractor's system security plan (or extracts thereof), to include any associated plans of action, addressing the Contractor’s internal unclassified information system(s).  When Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 is included in a contract for which covered defense information – as defined in DFARS Clause 252.204-7012 – will be processed, stored, or transmitted on an unclassified information system that is owned, or operated by or for, the Contractor, the Contractor shall develop, document, and periodically update a system security plan(s), to include any associated plans of action, for the Contractor’s internal unclassified information system in accordance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Security Requirement 3.12.4 of the NIST SP 800-171 requires that system security plans describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. Security Requirement 3.12.2 of the NIST SP 800-171 requires that plans of action describe how the Contractor will correct deficiencies and reduce or eliminate vulnerabilities in the Contractor’s unclassified information system. The system security plan (or extracts thereof) and any associated plans of action may be used by the government as input to an overall risk management decision to process, store, or transmit covered defense information on an unclassified information system that is owned, or operated by or for, the Contractor (i.e., Contractor's internal unclassified information system).
Status:  Active
DID Date:  31-OCT-2018
Next Review Due:  30-OCT-2023
SCRE Doc Category:  Data Item Description

Responsibilities
DID Approval Authority:  SO  Executive Agent for the Defense Standardization Program
Preparing Activity:  RS  Deputy Director, Strategic Technology Protection and Exploitation (DD/STP&E)
Coordination:  Full

The public reporting burden for this collection of information is estimated to average 66 hours per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to: whs.mc-alex.esd.mbx.dd-dod-information-collections@mail.mil. Reference OMB 0704-0188 in all communications. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number.