By developing numerous Security Plans across a broad range of Federal government agencies, the IMSG security team has discovered a number of best practices and lessons learned that expedite the process. While the development of a Security Plan may appear to be a daunting task, our tool-enabled process allows security managers and systems owners to leverage the results of similar efforts to efficiently complete the required documentation.

Our experience has shown that many organizations have the information they need to compile a comprehensive Security Plan, however this information has not been organized into the structure and formats required by review teams and auditors. A growing number of agencies have turned to IMSG to help them tackle the paperwork burden associated with Security Plan development and updates. Managers from each of these Federal agencies have reported that they received the highest grades on internal and external security reviews of their plans. These managers also report that they have now shifted their focus from the burdens of compliance paperwork to higher-valued activities, such as enterprise architecture implementation, capital planning, and system life cycle development.

We also ensure that the System Security Plan supports the development of a coherent and consistent C&A package. As policy changes and system changes continue to occur, our method also facilitates the update of the documents, and we provide an effective way to track improvements in security profiles over time.