NIST 800-171 R-3.12.4
Maintain a System Security Plan
Official citation: 3.12.4
Class: core · Severity: high
Statement of the obligation — verify against source
3.12.4
What it means
Develop, document, and periodically update a system security plan (SSP) that describes your system boundaries, operating environment, how each security requirement is implemented, and connections to other systems. The SSP is the central description of how you protect CUI and is required for assessment.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.