NIST SP 800-171 · SSP Generator · System Security Planning

ASSP

Automated Security System Planner

The professional tool for documenting your System Security Plan. Plan, assess, and export audit-ready security documentation for NIST SP 800-171 compliance — in a single secure file.

Get Your License — From $29 Launch App →
From $29  ·  Perpetual License  ·  No Subscription  ·  Single File App
110 NIST SP 800-171 Controls System Security Plan Generator Boundary Documentation Roles & Responsibilities Interconnections Tracker Audit-Ready HTML Export No Server Required Perpetual License 110 NIST SP 800-171 Controls System Security Plan Generator Boundary Documentation Roles & Responsibilities Interconnections Tracker Audit-Ready HTML Export No Server Required Perpetual License
What's Included

Everything You Need for
NIST SP 800-171 Documentation

ASSP is purpose-built for organizations that need to plan, document, and demonstrate their security posture against the full 110-control NIST SP 800-171 framework.

🛡️
Control Planning
Work through all 110 NIST SP 800-171 Rev 2 controls organized by domain. Document planned implementations, assign status, and add detailed implementation notes.
📋
System Boundary
Document your system environment, boundary description, CUI categories, network topology, IP ranges, cloud services, and data flows in a structured format.
👤
Roles & Responsibilities
Define and document all security roles within your organization — owners, ISSOs, administrators, and users — with responsibilities mapped to controls.
🔗
Interconnections
Catalog all external system connections, third-party integrations, and data flows. Document connection types, data classifications, and security agreements.
📄
SSP Export
Generate a complete, professional System Security Plan in HTML format. Audit-ready output suitable for internal review, assessor submission, and compliance documentation.
💾
Local Data Storage
All data stays in your browser's local storage — nothing leaves your machine. Save to JSON file anytime and reload later. Zero cloud dependency, zero data exposure.
Control Assessment · Access Control (AC) 22 Controls
3.1.1Limit system access to authorized users, processes acting on behalf of authorized users, and devicesPlanned
3.1.2Limit system access to the types of transactions and functions that authorized users are permitted to executePlanned
3.1.3Control the flow of CUI in accordance with approved authorizationsIn Progress
3.1.4Separate the duties of individuals to reduce the risk of malevolent activity without collusionIn Progress
3.1.5Employ the principle of least privilege, including for specific security functions and privileged accountsNot Started
Full Coverage

All 14 NIST SP 800-171
Practice Domains

Every domain from NIST SP 800-171 Rev 2 is fully covered — 110 controls total, organized for comprehensive SSP documentation.

AC
Access Control
22 controls
AT
Awareness & Training
3 controls
AU
Audit & Accountability
9 controls
CM
Configuration Mgmt
9 controls
IA
Identification & Auth
11 controls
IR
Incident Response
3 controls
MA
Maintenance
6 controls
MP
Media Protection
9 controls
PS
Personnel Security
2 controls
PE
Physical Protection
6 controls
RA
Risk Assessment
3 controls
CA
Security Assessment
4 controls
SC
System & Comm Protection
16 controls
SI
System & Info Integrity
7 controls
Simple Pricing

One Payment. Yours Forever.

Perpetual licenses — no subscriptions, no renewals. Pay once, own it.

Basic License
$29
Perpetual License · No Subscription
Core security planning modules
Up to 5 system assessments
All 14 NIST domains covered
SSP HTML export
Email support
12-month updates
License key emailed within 1 business day.
[email protected]
Pro License
$49
Perpetual License · No Subscription
All Basic features
Unlimited system assessments
Advanced threat modeling
Custom report templates
Priority email support
Lifetime updates
License key emailed within 1 business day.
[email protected]
Enterprise License
$99
Perpetual License · No Subscription
All Pro features
Multi-site deployment
Team collaboration tools
API integration access
Dedicated support channel
Lifetime updates + SLA
License key emailed within 1 business day.
[email protected]
FAQ

Common Questions

What is NIST SP 800-171 and do I need an SSP?
NIST SP 800-171 defines requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems. If your organization handles CUI under a DoD contract or federal program, you are required to document how you protect that information in a System Security Plan (SSP).
How is ASSP different from ARMS?
ARMS is focused on CMMC 2.0 Level 2 assessment readiness — SPRS scoring, POA&M tracking, and evidence management. ASSP is focused on SSP generation and security system planning — documenting your environment, controls, roles, boundaries, and interconnections in a complete System Security Plan.
How is the app delivered?
ASSP is a single HTML file. After purchase you receive a license key by email. Open the app in any modern browser, enter your key, and you're in. No installation, no server, no cloud account required. Your data stays entirely on your machine.
Where is my data stored?
Entirely in your browser's local storage — nothing leaves your machine. You can export your data to a local JSON file at any time using the built-in Save function and reload it later. Zero cloud dependency.
What's the difference between Basic, Pro, and Enterprise?
Basic covers core planning for up to 5 systems with 12-month updates. Pro adds unlimited assessments, advanced threat modeling, and lifetime updates. Enterprise adds multi-site deployment, team tools, API integration, and a dedicated support SLA. All tiers are one-time perpetual licenses.
Is this a subscription? Will I be charged again?
No subscription, ever. All ASSP licenses are one-time perpetual purchases. You pay once and own your tier permanently.