System Security Plan Annex
This page provides a template and guidance to assist organisations in preparing a System Security Plan Annex (SSP-A) describing how they have addressed controls from ASD's Information Security Manual (ISM) in the context of system(s) built on ASD's Blueprint for Secure Cloud.
This System Security Plan Annex (SSP-A) template provides a guide and resource to be used by organisations to assist them in preparing an SSP-A describing how they have addressed controls from ASD’s Information Security Manual (ISM) in the context of system(s) built on ASD’s Blueprint for Secure Cloud. It provides guidance to facilitate decision-making, rather than prescriptive statements or measures, allowing organisations to tailor this document according to the controls implemented and the organisation’s context.
Organisations are expected to approach this SSP-A template as a starting point for understanding security considerations within the Microsoft 365 platform and to conduct their own thorough assessments and analyses. In doing so, organisations should make their own informed decisions aligning with their own requirements and security objectives, recognising the unique requirements and evolving nature of organisational contexts and cybersecurity landscapes.
Text included in the guidance boxes throughout this template should be deleted from an organisation’s final SSP.
The System Security Plan Annex (SSP-A) for <SYSTEM-NAME> covers both applicable controls from this document and any additional controls that have been identified. The completed SSP-A for <SYSTEM-NAME> can be found at System Security Plan Annex.