The Defense Acquisition Regulations Systems said in a Federal Register notice posted Tuesday DoD drafted the document to streamline the evaluation process of system security plans and plans of actions on information systems, as well as to help implement untouched security requirements.
NIST Special Publication 800-171 requires non-federal agencies to create a system security plan that will include explanations on how the specified security requirements are met or are going to be addressed.
DoD intends to put value in assessing the risk of an unimplemented requirement on information systems and evaluating the risk of a deficient security prerequisite.
DoD will accept public comments through May 31.