Most people do not like reading or writing Policies, Procedures, and System Security Plans. This is understandable: the documents are usually written in difficult-to-understand language, are not updated on a regular basis, and are very resource-intensive.
Do these Scenarios Ring a Bell?
Small IT Department
Lack of bandwidth
...
Category: NIST
The Department of Defense (DoD) recently announced the development of the “Cybersecurity Maturity Model Certification” (“CMMC”), a standard aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base (“DIB”), particularly as it relates to controlled unclassified information (“CUI”) within the supply chain. This new standard will provide ...
August 3, 2019 admin
NIST SP 800-171 and continuous monitoring of security controls and cyber hygiene are a must for any DoD subcontractor looking to stay compliant. Traditionally, this process has been referred to as “Continuous Monitoring” as noted in NIST SP 800-137 Information Security Continuous Monitoring for Federal Information Systems and Organizations. It is ...
May 8, 2018 admin
A NIST 800-171 POAM (Plan of Action and Milestones) is required for DoD contractors to meet DFARS compliance requirements. If during your internal audit you find that your company does not meet some of the NIST requirements, the Plan of Action and Milestones outlines how and ...
April 12, 2018 admin
Below you can download a DFARS/NIST 800-171/CMMC Compliance Checklist which lists the core components necessary to meet cybersecurity requirements. The checklist includes the following:
CONTROLLED UNCLASSIFIED INFORMATION DISCOVERY – You’ll need a baseline of risk to make decisions on implementing controls. In addition, you need to define your accreditation boundary and conduct an inventory ...
March 18, 2018 admin
Understanding NIST 800-171 Critical Controls is important if your company stores Controlled Unclassified Information (CUI), and you are the prime, subcontractor, or a 3rd party cloud provider. The following information will help you understand the critical areas that require special attention.
Contractors are encouraged to implement adequate safeguarding standards in NIST 800-171 as ...
March 13, 2018 admin
The DFARS NIST 800-171 compliance deadline is December 31, 2017. Below are the recommended controls that are required to ensure the confidentiality of CUI and NIST compliance based on SP 800-171:
Access Control
Audit and Accountability
Awareness and Training
Configuration Management
Identification and Authentication
Incident Response
Media Protection
Personnel ...
November 28, 2017 admin
This is a NIST 800-171 System Security Plan (SSP) Template, a comprehensive document that provides an overview of NIST SP 800-171 Rev. 1 system security requirements and describes controls in place or planned to meet those requirements. The SSP toolkit also comes with a POAM ...
November 2, 2017 admin
Under DFARS 252.204-7012, to meet NIST SP 800-171 compliance, a contractor must implement the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 that is in effect at the time the solicitation is issued by the Contracting Officer, or as soon as practical, but not later ...
November 13, 2016 admin