Protect and Comply with Cybersecurity Measures
Let us show you how

Implement required minimum cybersecurity standards and improve the safeguards of your defense-related assets and information.

DFARS Compliance & NIST SP 800-171

What it’s about:

  • Achieving Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) minimum cybersecurity standards.
  • Requires prime defense contractors and their supply chain to protect sensitive information, classified as Covered Defense Information, to the requirements defined in NIST SP 800-171
  • Will ultimately expand to all DoD procurement in future years, applying to both prime and subcontractors

How we help:

  • We conduct an executive overview of the steps and processes required to achieve compliance over time, as well as other related federal cyber regulations
  • We work with you to ensure you will be compliant with the controls described in NIST Special Publication 800-171

Gap Analysis

What it’s about:

  • Conducting an assessment that allows your organization to understand how compliant you are with the NIST SP 800-171 standard
  • Determines what’s missing – the gaps – and what’s needed to ensure your cybersecurity compliance

How we help:

  • We’ll evaluate your security controls and identify where gaps with respect to NIST SP 800-171 exist that may be preventing you from being compliant
  • We provide a report with all the steps required to bring your business within the NIST SP 800-171 standard and where to focus your efforts
  • We develop recommendations for improvements in a Plan of Action with Milestones (POAM)

Cybersecurity Maturity Model Certification (CMMC)

What it’s about:

  • The CMMC incorporates the requirements of NIST SP 800-171 and establishes a framework for defense contractors to become certified as cybersecurity compliant
  • Represents a unified standard for implementing cybersecurity across the industrial base
  • Contractors remain responsible for implementing critical cybersecurity requirements but also require third-party assessments for certification

How we help:

  • We help you verify that all technology and physical security aspects are working properly
  • We work with you to establish a System Security Plan and Plan of Action with Milestones as a demonstration of your compliance

System Security and Incident Response Plans

What it’s about:

  • A System Security Plan is based on a review of the current state of your system with input from your IT resources
  • An Incident Response Plan details how to help detect, respond to, and recover from network security issues that may occur

How we help:

  • We work with you to document policy and procedures designed to meet NIST SP 800-171 standards and train employees on them
  • We collaborate with you to develop and implement system security plans for organizational information systems that describe the security requirements in place or planned for the systems
  • We assist you in creating an approach to managing, containing, remediating, and preventing recurrence of a cybersecurity incident

Discover how CONNSTEP can help you meet compliance.