About the System Security Plan
This document is released in template format. Once populated with content, this document will include detailed information about service provider information security controls.
The System Security Plan is the main document in which the CSP describes all the security controls in use on the information system and their implementation.
Who should use this document?
This document is intended to be used by service providers who are applying for a Provisional Authorization through the U.S. Federal government FedRAMP program. U.S. Federal agencies may want to use it to document information systems security plans that are not part of the FedRAMP program.
Other uses of this template include using it to document organizational information security controls for the purpose of creating a plan to manage a large information security infrastructure. Complex and sophisticated systems are difficult to manage without a documented understanding of how the infrastructure is architected.