NIST SP 800-171 Advisory and Assessment Services
Several different cybersecurity requirements are present in the FAR and DFARS, but at a high level, both FAR and DFARS cybersecurity contract obligations are centered around a NIST Special Publication – NIST SP 800-171.
NIST 800-171 refers to the National Institute of Standards and Technology Special Publication 800-171, which governs controlled unclassified information (CUI) in nonfederal information systems and organizations. It is essentially a set of standards that define how to safeguard and distribute material deemed sensitive but not classified. NIST 800-171 was developed after FISMA (the Federal Information Security Management Act) was passed in 2003, resulting in several security standards and guidelines. The NIST 800-171 assessment was created in part to improve cybersecurity, especially after numerous well-documented breaches in the last few years.
We have studied the ins and outs of this Federal Government Cybersecurity mandate and are eager to help your company learn how NIST 800-171 applies to you and achieve compliance by answering questions such as:
- What policies, procedures, and standards need to be in place?
- What potential risks and vulnerabilities exist?
- How can these gaps be remediated?
- What kind of training is still needed for managers, employees, and clients?
- What steps do we need to take for continued compliance?
Services
- Planning and preparing for NIST SP 800-171 certification
- Implementation advisory services – High-level assessment to determine organization readiness and prepare a roadmap
- Readiness services – Assist with planning and execution of NIST SP 800-171 control requirements
- Control assessment, gap identification, and remediation
- Issue report on compliance