SSP v2 and POA&Ms Question

old.reddit.com / @/u/thegreatcerebral, https://old.reddit.com/user/thegreatcerebral

In the scope of making an SSP which covers NIST SP 800-171, are there any requirements/rules in regard to POA&Ms?

I ask because I know that for CMMC 2.0 L2 certification you must have all of the non-1-point controls already done before you can have someone come out for certification. In other words there is a small list of 1-point controls that you are allowed to have a POA&M for and there are some 1-point controls you are not.

If you are just doing an SSP, not using the CMMC 2.0 as a scope, then are there any such restrictions to POA&Ms you are allowed to have?

submitted by /u/thegreatcerebral

published 2 months ago



