For CMMC compliance, will DoD provide standardized templates for a System Security Plan (SSP) and Plan of Action and Milestones (POA&M)?
No.
The DoD does not plan to create specific templates for compliance documentation, recognizing that each organization is unique. A “one-size-fits-all” template would not generally be helpful. DFARS 252.204-7012 remains the basis for SSP content requirements, but it’s essential for each organization’s implementation team to develop a custom plan that truly fits its business model and information security implementation. The same goes for POA&Ms.
0 Comments