Implement required minimum cybersecurity standards and improve the safeguards of your defense-related assets and information.
Cybersecurity Planning Toolkit
Cybersecurity Planning Toolkit
What it’s about:
- Cybersecurity Planning Toolkit offers free online training material and tools including interactive lessons, videos, and templates that you can start using immediately to assist in moving forward toward compliance.
- Microsoft Excel Workbook tracks your progress and serves as a gap assessment, planning and documentation tool for NIST 800-171 compliance.
- Separate worksheets address the security controls within each of the 14 families of NIST 800-171 requirements, with all 101 security requirements addressed in this tool.
How we help:
Each worksheet contains:
- The NIST 800-171 security requirement within that family with a checklist column to indicate whether or not you are in compliance.
- The NIST 800-53 method of control that applies to the security requirements.
- Implementation support for the security requirements.
- A documentation column for use in entering locations of supporting evidence of compliance, dates of compliance, or planned compliance initiatives in progress.
GET ACCESS TO TOOLKIT >
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)
What it’s about:
- CMMC stands for “Cybersecurity Maturity Model Certification” and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.
- The CMMC incorporates the requirements of NIST SP 800-171 and establishes a framework for defense contractors to become certified as cybersecurity compliant
- Represents a unified standard for implementing cybersecurity across the industrial base
- Contractor’s remain responsible for implementing critical cybersecurity requirements but also require third party assessments for certification
How we help:
- We assist you to verify that all technology and physical security aspects are working properly
- We work with you to establish a System Security Plan and Plan of Action with Milestones as a demonstration of your compliance
DFARS Compliance & NIST SP 800-171
DFARS Compliance & NIST SP 800-171
What it’s about:
- Achieving Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) minimum cybersecurity standards.
- Requires prime defense contractors and their supply chain protect sensitive information, classified as Covered Defense information, to the requirements defined in NIST SP 800-171
- Will ultimately expand to all DoD procurement in future years, applying to both prime and subcontractors
How we help:
- We conduct an executive overview of the steps and processes required to achieve compliance over time and other related federal cyber regulations
- Work with you to ensure you will be compliant with the controls described in NIST Special Publication 800-171
Gap Analysis
Gap Analysis
What it’s about:
- Conducting an assessment that allows your organization to understand how compliant you are to the NIST SP 800-171 standard
- Determines what’s missing – the gaps – and what’s needed to ensure your cybersecurity compliance
How we help:
- We’ll evaluate your security controls and identify where gaps exist with respect to NIST SP 800-171 and which may be preventing you from being compliant
- We provide a report with all the steps required to bring your business within the NIST SP 800-171 standard and where to focus your efforts
- We develop recommendations for improvements in a Plan of Action with Milestones (POAM)
System Security and Incident Response Plans
System Security and Incident Response Plans
What it’s about:
- A System Security Plan is based on a review of the current state of your system with input from your IT resources
- An Incident Response Plan details how to help detect, respond to, and recover from network security issues that may occur
How we help:
- We work with you to document policy and procedures designed to meet NIST SP 800-171 standards and train employees on them
- Collaborate to develop and implement system security plans for organizational information systems that describe the security requirements in place or planned for the systems
- Assist you in creating an approach to managing, containing, remediating, and preventing recurrence of a cybersecurity incident