There are 110 explicit security controls from NIST 800-171, revision 1, extracted from NIST’s core cybersecurity document, NIST 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, that are considered vital. This is a highly pared down set of controls for the purposes of Industry’s requirements to meet federal government cybersecurity contracting requirements.  There are over 1000 potential controls offered from NIST 800-53 revision 4; this more expansive set of controls is used extensively by DOD to protect its IT systems from its jet-fighters to its vast personnel databases.   

             This SSP is based upon the NIST and National Archives and Records Administration (NARA) templates and provides a greater clarification to the company or agency representative, business owner, and their IT staff.  This book is intended to focus business owners and their IT support staff on what is required to create and complete a System Security Plan (SSP) that sufficiently meets the NIST 800-171, revision 1, requirements.   Companies need to focus on a “good faith” effort on how to best address these controls to the government—and, it more importantly will help the business protect its own sensitive data and Intellectual Property (IP).