Claim NIST SP 800-171 compliance with the help of our experts
NIST SP 800-171 Compliance Assessment
“If you can’t see it, you can’t defend against it.™”
Utilizing the requirements outlined by the National Institute of Standards and Technology (NIST), Cybersafe’s expert team comprehensively evaluates your eligibility to claim NIST SP 800-171 compliance.
Safely store CUI and claim NIST SP 800-171 compliance.
When it comes to processing, storing or transmitting controlled unclassified information (CUI), there are numerous factors to consider.
To protect the confidentiality of CUI and claim NIST SP 800-171 compliance—mandated by some Department of Defense contracts—Cybersafe helps organizations assess alignment with the 110 requirements outlined in National Institute of Standards and Technology (NIST) SP 800-171 (DFARS).
These requirements fall into 14 control families necessary for NIST SP 800-171 compliance:
- Access Control (3.1)
- Awareness & Training (3.2)
- Audit & Accountability (3.3)
- Configuration Management (3.4)
- Identification & Authentication (3.5)
- Incident Response (3.6)
- Maintenance (3.7)
- Media Protection (3.8)
- Personnel Security (3.9)
- Physical Protection (3.10)
- Risk Assessment (3.11)
- Security Assessment (3.12)
- System & Communications (3.13)
- System & Information Integrity (3.14)
1. Identify the environment where CUI will be processed.
Note the organization name, environment name and description, contacts, operational status, system boundary, and interconnections.
2. Assess the environment against the 110 NIST 800-171 controls.
Understand control requirements, determine if the environment satisfies them, assign a status for each control (implemented, partially implemented, not implemented, or not applicable) and rationale, and upload evidence for non-failed controls.
3. Create plans of action for failed controls.
As long as you document remediation plans to correct any deficiencies, it is still possible to achieve NIST 800-171 compliance.
4. Document results in a System Security Plan.
Certify results and create a new System Security Plan (SSP) at the end of the assessment, or any time changes are made.
What You’ll Need to Provide NIST From This Assessment:
System Security Plan (SSP):
Stating how you’ve implemented the 110 requirements, and a description of your environment (system boundary, operating environment, and system interconnections).
Plan of Action & Milestones (POA&M):
Your plans to correct any failed requirements.
NIST SP 800-171 Family-Specific Security Policies:
A complete set of 14 security policies that align with the NIST control families.
The Cybersafe Difference
Our skilled specialists provide 24/7/365 cybersecurity monitoring of your crucial systems, and our scale of operation enables us to do so at a fraction of the cost of hiring internally.
- Service: Our analysts and managers are available 24/7/365 to fully support you and your business.
- Technology/Infrastructure: Our infrastructure is located in a Tier IV data center—boasting nearly perfect uptime through unparalleled redundancy of our equipment, and the most comprehensive data center tier security globally.