Claim NIST SP 800-171 compliance with the help of our experts
NIST SP 800-171 Compliance Assessment
“If you can’t see it, you can’t defend against it.™”
Utilizing the requirements outlined by the National Institute of Standards and Technology (NIST), Cybersafe’s expert team comprehensively evaluates your eligibility to claim NIST SP 800-171 compliance.
Safely store CUIs and claim NIST SP 800-171 compliance.
When it comes to processing, storing or transmitting controlled unclassified information (CUI), there are numerous factors to consider.
To protect the confidentiality of CUIs and claim NIST SP 800-171 compliance—mandated by some Department of Defense contracts—Cybersafe helps organizations assess alignment with 110 requirements outlined in National Institute of Standards and Technology (NIST) SP 800-171 (DFARS).
These requirements fall into 14 control families necessary for NIST SP 800-171 compliance:
- Access Control (3.1)
- Awareness & Training (3.2)
- Audit & Accountability (3.3)
- Configuration Management (3.4)
- Identification & Authentication (3.5)
- Incident Response (3.6)
- Maintenance (3.7)
- Media Protection (3.8)
- Personnel Security (3.9)
- Physical Protection (3.10)
- Risk Assessment (3.11)
- Security Assessment (3.12)
- System & Communications (3.13)
- System & Information Integrity (3.14)
1. Identify the environment where CUI will be processed.
Note the organization name, environment name and description, contacts, operational status, system boundary, and interconnections.
2. Assess the environment against the 110 NIST 800-171 controls.
Understand control requirements, determine if the environment satisfies them, assign a status for each control (implemented, partially implemented, not implemented, or not applicable) and rationale, and upload evidence for non-failed controls.
3. Create plans of action for failed controls.
As long as you document remediation plans to correct any deficiencies, it is still possible to achieve NIST 800-171 compliance.
4. Document results in a System Security Plan.
Certify results and create a new System Security Plan (SSP) at the end of the assessment, or any time changes are made.
What You’ll Need to Provide NIST From This Assessment:
System Security Plan (SSP):
Stating how you’ve implemented the 110 requirements, and a description of your environment (system boundary, operating environment, and system interconnections).
Plan of Action & Milestones (POA&M):
Your plans to correct any failed requirements.
NIST SP 800-171 Family-Specific Security Policies:
A complete set of 14 security policies that align with the NIST control families.
The Cybersafe Difference
Cybersafe is purpose-built to perform 24/7/365 Cybersecurity, and our scale of operation enables us to do so at a fraction of the cost of doing it internally.
Expertise. We have the best of the best. Our teams have experience leading organizations of all sizes in the public and private spaces. Our CTO has worked at NASA and JPMorgan, and was an Adjunct Instructor for the first NSA-certified Cybersecurity Center. Our CSS holds four leading Cybersecurity certifications. Our COO has published multiple books on information security. Our team has experience working in government agencies, large healthcare organizations, Fortune 100 companies, and various businesses in the small-medium enterprise space. Our people have seen it all and secured it all.
Service. We understand that our customers require more than just great technology. Our analysts and managers are available to you 24/7/365 to support you and your business.
Technology/Infrastructure. We have invested in and built Cybersafe Solutions using nothing but the best. From design through components, we have implemented our technology solutions to be unmatched in their operations and sustainability, utilizing best practices around segmentation, redundancy, recovery, continuity, access, and maintenance. And we never stop looking inward for continuous improvement.