Per DCSA, organizations must submit a CCP plan (CAGE Code-CCP-System Name) within eMASS. A CCP plan will thus enable an organization to document their common controls, which will ensure consistency and streamline assessment and authorization processes. The CCP package will be used to identify the common controls and all the associated procedures and artifacts, along with specifying if the common controls provide the required protection fully or in hybrid fashion.
Please note that the requirements for the CCP plan are the same as other system security plans.
Organizations will be required to address System Details, Control Information (Implementation Plan, System Level Continuous Monitoring (SLCM)), Test Results (all CCIs/Assessment Procedures), and upload all associated artifacts. Security controls that will not be addressed in the CCP plan will be marked as Not Applicable. Additionally, organizations must include a digitally signed document detailing the CAGE Codes and locations of the facilities authorized to inherit from the CCP. This document will be used as a supporting artifact and will be uploaded into the Artifacts tab.
Once the CCP plan is developed, the organization will submit the package and request authorization to allow systems to inherit the common controls.
100 + NIST 800-53 Templates Available for Download for Cleared Industry
The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.
From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS
With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO. Core services and solutions offered include the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Completion of eMASS Export Control Spreadsheets
- Continuous Monitoring (ConMon) Services
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.