NIST SP 800-171 Advisory and Assessment Services
Several different cybersecurity requirements are present in the FAR and DFARS, but at a high level, both FAR and DFARS cybersecurity contract obligations are centered around a NIST Special Publication – NIST SP 800-171.
NIST 800-171 refers to the National Institute of Standards and Technology Special Publication 800-171, which governs controlled unclassified information (CUI) in nonfederal information systems and organizations. It is essentially a set of standards that define how to safeguard and distribute material deemed sensitive but not classified. NIST 800-171 was developed after the Federal Information Security Management Act (FISMA) was passed in 2003, which resulted in several security standards and guidelines. The NIST 800-171 assessment was created in part to improve cybersecurity, especially after numerous well-documented breaches in the last few years.
We have studied the ins and outs of this federal government cybersecurity mandate and are eager to help you learn how NIST 800-171 applies to your company and to help you achieve compliance by answering questions such as:
- What policies, procedures, and standards need to be in place?
- What potential risks and vulnerabilities exist?
- How can these gaps be remediated?
- What kind of training is still needed for managers, employees, and clients?
- What steps do we need to take for continued compliance?