EverySpec Standards
Home > Library > DATA-ITEM-DESC-DIDs > DI-MGMT > DI-MGMT-82247

DI-MGMT-82247, DATA ITEM DESCRIPTION (DID): CONTRACTOR'S SYSTEMS SECURITY PLAN AND ASSOCIATED PLANS OF ACTION TO IMPLEMENT NIST SP 800-171 ON CONTRACTOR'S INTERNAL UNCLASSIFIED INFORMATION SYSTEM (31-OCT-2018)

DI-MGMT-82247, DATA ITEM DESCRIPTION (DID): CONTRACTOR'S SYSTEMS SECURITY PLAN AND ASSOCIATED PLANS OF ACTION TO IMPLEMENT NIST SP 800-171 ON CONTRACTOR'S INTERNAL UNCLASSIFIED INFORMATION SYSTEM (31-OCT-2018)., This Data Item Description (DID) contains the data content, format, and intended use of the Contractor's system security plan (or extracts thereof), to include any associated plans of action, addressing the Contractor’s internal unclassified information system(s). When Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 is included in a contract for which covered defense information – as defined in DFARS Clause 252.204-7012 – will be processed, stored, or transmitted on an unclassified information system that is owned, or operated by or for, the Contractor, the Contractor shall develop, document, and periodically update a system security plan(s), to include any associated plans of action, for the Contractor’s internal unclassified information system in accordance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Security Requirement 3.12.4 of the NIST SP 800-171 requires that system security plans describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. Security Requirement 3.12.2 of the NIST SP 800-171 requires that plans of action describe how the Contractor will correct deficiencies and reduce or eliminate vulnerabilities in the Contractor’s unclassified information system. The system security plan (or extracts thereof) and any associated plans of action may be used by the government as input to an overall risk management decision to process, store, or transmit covered defense information on an unclassified information system that is owned, or operated by or for, the Contractor (i.e., Contractor's internal unclassified information system).

DI-MGMT-82247

    
 Status:
Active

 FSC Code:
 MGMT - MANAGEMENT

Version:
10-201819.97 KB DI-MGMT-82247
10-201819.65 KB DI-MGMT-82247

Simple Search
MilSpec Search



About Us   |   Terms of Use   |   DMCA   |   Privacy   |   EverySpec LLC © 2009 - 2019   All rights reserved.