Let’s Finish This
The Finalize View is the last stop on the road to compliance. Before you take action here, make sure you’ve done the following:
- Completely filled out each section of the Environment menu.
- Completed each control, including details, status, and evidence.
- Created POA&Ms for all failed controls.
The Assessment Completion section displays your progress for these items, as well as two final steps (Certification and System Security Plan Generation) for completing the Assessment.
Attestation
After you’ve fully populated the environment information, completed all controls, and created remediations, you’re ready to begin Attestation. This simply means the system owner (or other responsible party) is signing off on the results of the assessment, attesting to the accuracy of all the information provided. This step should not be interpreted as “We’re NIST 800-171 Certified”. NIST 800-171 Certification does not exist (if you complete the Assessment, you can claim to be “NIST 800-171 Compliant”).
Click Display Attestation Form, review the attestation statement and certify your assessment.
If necessary, the Attestation Info can be deleted or re-certified. This is typically done if the assessment is updated in the future.
System Security Plan
The final step in the Assessment Wrap-Up is generation of the System Security Plan. This document is your proof of NIST 800-171 compliance. It contains every piece of information you’ve provided. When a Contracting Officer asks you if you’re NIST 800-171 compliant, this is the thing you hand them.
Dynamic generation of the System Security Plan is as simple as clicking Generate SSP.
Your System Security Plan is saved as a PDF and includes a version number. SSP Generation can and should be repeated if any changes are made to the Assessment (e.g. Remediation Plan updates).
Click the menu icon to View, Download or Delete a specific version of the SSP.
Congratulations! You’ve finished your NIST 800-171 Assessment.
