OCIO management should implement a quality control process to validate whether system-level SSPs, such as those tested, accurately reflect implementation statuses of their security controls and/or include all interfaces.