CMP Docs

  2. Home
  4. CMP Docs
  6. Finalize

Finalize

[vc_row][vc_column width=”4/6″][vc_separator border_width=”2″][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Let’s Finish This

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_video link=”https://www.youtube.com/watch?v=n29G6p6Ix7Y&feature=youtu.be” align=”center”][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”8/12″][vc_column_text]The Finalize View is the last stop on the road to compliance. Before you take action here, make sure you’ve done the following:[/vc_column_text][vc_column_text]
  1. Completely filled out each section of the Environment menu.
  2. Completed each control, including details, status, and evidence.
  3. Created POA&Ms for all failed controls.
[/vc_column_text][/vc_column][vc_column width=”4/12″][/vc_column][/vc_row][vc_row][vc_column width=”2/6″][vc_column_text]The Assessment Completion section displays your progress for these items, as well as two final steps (Certification and System Security Plan Generation) for completing the Assessment.[/vc_column_text][/vc_column][vc_column width=”2/6″][vc_single_image image=”10261″ img_size=”full” alignment=”center” style=”vc_box_rounded” onclick=”img_link_large” img_link_target=”_blank”][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Attestation

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_column_text]After you’ve fully populated the environment information, completed all controls, and created remediations, you’re ready to begin Attestation. This simply means the system owner (or other responsible party) is signing off on the results of the assessment, attesting to the accuracy of all the information provided. This step should not be interpreted as “We’re NIST 800-171 Certified”. NIST 800-171 Certification does not exist (if you complete the Assessment, you can claim to be “NIST 800-171 Compliant”).[/vc_column_text][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_single_image image=”11808″ img_size=”full” alignment=”center” style=”vc_box_rounded” onclick=”img_link_large” img_link_target=”_blank”][vc_single_image image=”11809″ img_size=”full” alignment=”center” style=”vc_box_rounded” onclick=”img_link_large” img_link_target=”_blank”][vc_column_text]Click Display Attestation Form, review the attestation statement and certify your assessment.[/vc_column_text][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”3/12″][vc_column_text]If necessary, the Attestation Info can be deleted or re-certified. This is typically done if the assessment is updated in the future.[/vc_column_text][/vc_column][vc_column width=”5/12″][vc_single_image image=”11810″ img_size=”full” alignment=”center” style=”vc_box_rounded” onclick=”img_link_large” img_link_target=”_blank”][/vc_column][vc_column width=”4/12″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

System Security Plan

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_column_text]The final step in the Assessment Wrap-Up is generation of the System Security Plan. This document is your proof of NIST 800-171 compliance. It contains every piece of information you’ve provided. When a Contracting Officer asks you if you’re NIST 800-171 compliant, this is the thing you hand them.[/vc_column_text][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_single_image image=”10267″ img_size=”full” alignment=”center” style=”vc_box_rounded” onclick=”img_link_large” img_link_target=”_blank”][vc_column_text]Dynamic generation of the System Security Plan is as simple as clicking Generate SSP.[/vc_column_text][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_single_image image=”10268″ img_size=”full” alignment=”center” style=”vc_box_rounded” onclick=”img_link_large” img_link_target=”_blank”][vc_column_text]Your System Security Plan is saved as a PDF and includes a version number. SSP Generation can and should be repeated if any changes are made to the Assessment (e.g. Remediation Plan updates).[/vc_column_text][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_column_text]Click the menu icon to View, Download or Delete a specific version of the SSP.[/vc_column_text][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_single_image image=”10269″ img_size=”full” alignment=”center” style=”vc_box_rounded” onclick=”img_link_large” img_link_target=”_blank”][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row][vc_row][vc_column width=”4/6″][vc_column_text]Congratulations! You’ve finished your NIST 800-171 Assessment.[/vc_column_text][/vc_column][vc_column width=”2/6″][/vc_column][/vc_row]