NIST 800-171 Express Compliance Package
While larger Federal contractors typically have IT resources to devote to compliance projects, small to midsize contractors may struggle to determine how NIST SP 800-171 affects them, and how to cost-effectively implement controls and develop the documentation needed for compliance. While contractors may be working toward compliance, many find that their efforts are falling short as scoring requirements and audits loom. Failure to comply with 800-171 jeopardizes existing and future Civilian and DoD contracts. For U.S. defense contractors, SecureIT ensures that your 800-171 compliance investments are fully leveraged to speed future CMMC certification efforts.
SecureIT’s NIST 800-171 Express Compliance Package is specially designed to help government contractors implement the appropriate controls for transmitting and storing controlled unclassified information (CUI). Here’s a brief overview:
Initial Kick-Off: Education, Environment Profile & Assessment
- Provide education on 800-171 and its specific requirements
- Understand the system(s) and determine where CUI and CDI are located
- Finalize the system boundary for 800-171 compliance
- Walk through the NIST 800-171 Control Requirements Matrix
- Determine the status for each requirement, and note any gaps where remediation is needed
- Perform limited technical testing to validate compliance assertions
- Assist in scoring controls per DFARS 2019-D041 methodology
- Develop initial Plan of Action & Milestones (POA&M)
- Organize content, customize controls and define a prioritized action plan in Rizkly, a SaaS cloud-based compliance management application
Ongoing: Remediation & Compliance Program Management
- Prioritize control gaps to identify those that can be remediated quickly (e.g., within the time allocated for the project)
- Assist with the implementation/enhancement of prioritized controls
- Document control activities in the SSP to demonstrate how 800-171 requirements are being met
- Develop needed documentation (e.g., System Security Plan (SSP), Incident Response Plan (IRP), Policies & Procedures)
- Develop Management Assertion Letter that can be provided to customers/primes when asked
- Assist with updating the POA&M to reflect any remaining controls that are not implemented or that need to be enhanced
- Leverage Rizkly to organize policies, track tasks, and demonstrate compliance with auditors and assessors
Take the next step to help your company achieve NIST 800-171 compliance in a timely manner. SecureIT wants to help you succeed with a variety of options to get started:
- Our infographic is a great place to start. It boils down what you need to know about NIST 800-171 (key facts, planning, and tips for success) and just takes a couple minutes to review. See it here.
- Click here to get pricing for our NIST 800-171 Express Compliance Package that we tailor to meet your organization’s specific needs. We will pick up the phone and call you to discuss them.
- Our brief eBook, “5 Tips for NIST 800-171 Success”, provides valuable guidance to help government contractors meet the upcoming compliance deadline with minimal disruption to their core business. Download it today.