Writing a Cybersecurity Accreditation Package: A 21st Century NIST-based & CMMC Roadmap (The Complete Nist 800-171 Security Assessors' Package)

IF YOU ARE WRITING AN ACCREDITATION PACKAGE FOR NIST 800-171 OR CMMC, THIS BOOK IS DESIGNED FOR THE COMPANY LEADERSHIP AND ITS IT STAFF TO BE SUCCESSFUL...

IT WILL SAVE YOU TIME AND HEADACHES...THIS IS A HOW-TO, NOT A "50,000 FOOT VIEW" BOOK!

Introducing the Security Authorization Development Package Model (SADP-M). I hope this helps you create a fully auditable and complete package under the base NIST 800-171 and the Cybersecurity Maturity Model Certification (CMMC) process emerging from the Department of Defense (DOD). I have added CMMC control traceability for Levels 1 through 3 in this version. This model introduces the Global Cybersecurity Policy (G-CSP). It forms the starting point for required accreditation documentation under NIST 800-171, applicable to CMMC. This is a defined process to help create auditable packages for accreditation. The assigned IT professional or ISSO will subsequently populate and provide answers for the auditor in the G-CSP. After this work is completed, the ISSO will begin to "strip out" the other documents, including the SSP, CSP, POAM, etc. One of the most common requests I receive from my readers is help in creating an effective Cybersecurity Policy (CSP). I initially was focused on the two major technical parts of the NIST 800-171 accreditation package, the System Security Plan (SSP) and Plans of Action and Milestones (POAM). I consider the CSP more a Human Resources effort that focuses on the people side of the People-Process-Technology Triad, but no less critical. Fortunately, I have recently been able to dedicate the time to develop what I describe as an onion approach to create a CSP. I describe a GLOBAL CSP as a base document that the cybersecurity professional can strip out the SSP, the final CSP, and several other vital cybersecurity documents needed to manage any IT system.