Originally published at: https://grcacademy.io/cmmc/controls/ca-l2-3-12-4/
Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.