Plans
CMMC System Security Plan (SSP) - CUI Environment
Build the System Security Plan skeleton that CMMC Level 2 requires (NIST SP 800-171 Rev. 2, requirement 3.12.4): system inventory, boundary, environment of operation, and how the 14 requirement families are implemented. Everything here stays alias-based; the export includes a local completion worksheet for the real system names, addresses, and network detail that belong only in your own records.
Use this page to decide whether this plan belongs in your binder and which supported frameworks can include framework-specific language.
7 guided sections · 27 questions in the wizard
What this plan covers
- 01
System Identification
Name the CUI environment with an alias and establish what CUI it handles and who owns the plan
- 02
System Inventory
Inventory the systems in the CUI environment, by alias
- 03
Boundary & Connections
Describe the boundary and the connections to other systems, in alias terms
- 04
Implementation: Access & People
How the Access Control, Identification & Authentication, Awareness & Training, and Personnel Security families are implemented
- 05
Implementation: Operations & Physical
How the Audit & Accountability, Configuration Management, Maintenance, Media Protection, and Physical Protection families are implemented
- 06
Implementation: Response, Risk & System Protection
How the Incident Response, Risk Assessment, Security Assessment, System & Communications Protection, and System & Information Integrity families are implemented
- 07
Plan Maintenance
Keep the SSP current: update cadence, triggers, and where the completed plan lives
Decisions this plan captures
A sample of the guided questions the wizard walks through. Answers stay placeholder-safe in the hosted draft; sensitive specifics are completed in your exported copy.
- System / environment alias
- Systems in the CUI environment
- Boundary description (alias terms only)
- Access Control (3.1) implementation narrative
- Audit & Accountability (3.3) implementation narrative
- Incident Response (3.6) implementation narrative
- How often is the SSP reviewed and updated?
- How is the CUI environment scoped?
- How is the CUI environment separated from the rest of the network?
- Identification & Authentication (3.5) implementation narrative
Supported framework mappings
When teams need it
- A customer, insurer, partner, or internal reviewer asks for the document.
- You need a clear owner, scope, review cadence, and evidence checklist.
- You want framework-aware wording without starting from a blank template.
What Security Binder generates
- A structured draft based on your business profile and answers.
- Framework-aware wording where the product supports that framework mapping.
- PDF, DOCX, Markdown, and Local Pack exports for review and local finalization.
Create this document from guided questions.
Generate a structured draft, export it, and finish sensitive proof locally.
Get started