Below you can download a NIST 800-171 compliance checklist which lists the core components necessary to meet DFARS cybersecurity requirements. The checklist includes the following:
- COVERED DEFENSE INFORMATION (CDI) DISCOVERY – You’ll need a baseline of risk to make decisions on implementing controls. In addition, you need to define your accreditation boundary and conduct an inventory of all systems and personnel with access to Covered Defense Information (CDI) data.
- REDUCE CDI SCOPE – Consider moving the CDI systems to their own dedicated environment and limiting their interaction with non-CDI technology.
- GAP ANALYSIS – Conduct a gap analysis using the NIST SP 800-171 control families to determine which controls are implemented.
- BUDGET CONSIDERATIONS – There are additional costs that an organization will incur for infrastructure enhancement, network segmentation, and deployment of new tools.
- REMEDIATION OF GAPS – Once your gap assessment is complete, your organization is ready to start closing gaps. While this seems straightforward, many of the requirements can be complex and costly to implement, especially on a large scale.
- 72 HOUR CYBER INCIDENT REPORTING OBLIGATIONS
- CONTINUOUS MONITORING – Conduct in-house compliance and operational tasks to maintain compliance.
NIST 800-171 compliance can be complex. Contact CKSS at firstname.lastname@example.org or 443-459-1589 to make sure you have everything in place and for support in developing a mature security program. This NIST 800-171 compliance checklist is composed of general information about NIST 800-171 compliance and does not qualify as legal advice. Consult with your legal counsel and other stakeholders on the roadmap to NIST 800-171 compliance.