SSP

A System Security Plan (SSP) is a required document that describes how an organization implements the 110 security controls defined in NIST 800-171 to protect Controlled Unclassified Information (CUI).

How We Help

We provide SSP blueprint documentation covering the security controls implemented by tiCrypt. This allows organizations to focus their SSP effort on system- and organization-specific controls, rather than recreating platform-level documentation.

How the tiCrypt Family Helps

The tiCrypt Family is an independent collaboration of tiCrypt customers, organized separately from Tera Insights. The group meets regularly to:

• Discuss new features and help prioritize roadmap items
• Share practical experience and best practices
• Support each other through implementation and compliance efforts

As part of this collaboration, existing customers may share copies of their SSPs with new customers, subject to mutual agreement and appropriate redaction. This sharing is done with the understanding that new customers will, in turn, contribute their SSPs to the tiCrypt community once their implementation is complete, helping strengthen the collective knowledge base.

Current customers also meet with prospective customers to:

• Answer questions about real-world deployments
• Demonstrate how tiCrypt is used to build and operate secure enclaves

Example Controls

The following examples illustrate how tiCrypt implements selected NIST 800-171 security requirements.

Enforcing Physical and Logical Access Restrictions

tiCrypt enforces strict access controls by blocking all network ports by default and allowing communication only through authenticated, encrypted channels. Secure communication between the front end and virtual machines is established through:

• Public key binding
• Diffie–Hellman key exchange
• Digital signatures

These mechanisms create a double-encrypted, passwordless communication channel that prevents unauthorized access and mitigates risks arising from compromised infrastructure or external threat actors.

Creation, Retention, and Protection of System Audit Logs

tiCrypt generates a comprehensive audit trail capturing over 110 distinct system events, with timestamps recorded at millisecond-level precision. This enables detailed monitoring, traceability, and forensic analysis of system activity.

Audit log integrity is protected using SHA-256 cryptographic hashing. Any attempt to modify or tamper with audit records results in a hash mismatch, making unauthorized changes immediately detectable during audit review. This approach protects audit information against unauthorized access, modification, or deletion and ensures the long-term integrity of audit data.