About this webinar

The System Security Plan is the single most required and most dreaded artifact in a CMMC Level 2 assessment. Most shops either freeze trying to start it, or they build it in a Word doc that looks good on paper but falls apart the moment an auditor asks a follow-up question.

We’ll walk through what an SSP actually needs to contain, what auditors look for when they read one, and how ProShop structures the evidence your SSP relies on, so it’s something your system is already generating, not something you’re scrambling to produce before an audit.

Brian Kirk, C3PAO assessor at Cherry Bekaert, will share what he looks for when he reviews an SSP and the mistakes he sees most often.

Whether you’re starting from scratch or rescuing a draft that’s gotten out of hand, you’ll leave with a clear picture of what a defensible SSP looks like and a concrete next step.

1. A realistic SSP scope Most shops either overbuild or freeze at the blank page. You’ll know exactly what a Level 2 SSP needs to contain, what auditors actually scrutinize, and what you can stop worrying about.
2. A clear picture of your evidence gaps Not all 110 controls land on you equally. You’ll see which ones ProShop already generates evidence for, which are shared, and where your team still needs to do the work.
3. A 30-day next step Not a reading list. You’ll leave with one concrete action that moves your SSP from draft to something a C3PAO can actually evaluate.

Share this event with your followers!

• LinkedIn
• X
• Facebook