Protect and Comply with Cybersecurity Measures
Implement required minimum cybersecurity standards and improve the safeguards of your defense-related assets and information.
DFARS Compliance & NIST SP 800-171
What it’s about:
- Achieving Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) minimum cybersecurity standards.
- Requires prime defense contractors and their supply chain to protect sensitive information, classified as Covered Defense Information, to the requirements defined in NIST SP 800-171
- Will ultimately expand to all DoD procurement in future years, applying to both prime and subcontractors
How we help:
- We conduct an executive overview of the steps and processes required to achieve compliance over time, including with other related federal cyber regulations
- Work with you to ensure you will be compliant with the controls described in NIST Special Publication 800-171
Gap Analysis
What it’s about:
- Conducting an assessment that allows your organization to understand how compliant you are with the NIST SP 800-171 standard
- Determines what’s missing – the gaps – and what’s needed to ensure your cybersecurity compliance
How we help:
- We’ll evaluate your security controls and identify where gaps exist with respect to NIST SP 800-171 and which of them may be preventing you from being compliant
- We provide a report with all the steps required to bring your business within the NIST SP 800-171 standard and where to focus your efforts
- We develop recommendations for improvements in a Plan of Action with Milestones (POAM)
Cybersecurity Maturity Model Certification (CMMC)
What it’s about:
- The CMMC incorporates the requirements of NIST SP 800-171 and establishes a framework for defense contractors to become certified as cybersecurity compliant
- Represents a unified standard for implementing cybersecurity across the industrial base
- Contractors remain responsible for implementing critical cybersecurity requirements but also require third-party assessments for certification
How we help:
- We help you verify that all technology and physical security aspects are working properly
- We work with you to establish a System Security Plan and Plan of Action with Milestones as a demonstration of your compliance
System Security and Incident Response Plans
What it’s about:
- A System Security Plan is based on a review of the current state of your system with input from your IT resources
- An Incident Response Plan details how to help detect, respond to, and recover from network security issues that may occur
How we help:
- We work with you to document policy and procedures designed to meet NIST SP 800-171 standards and train employees on them
- Collaborate to develop and implement system security plans for organizational information systems that describe the security requirements in place or planned for the systems
- Assist you in creating an approach to managing, containing, remediating, and preventing recurrence of a cybersecurity incident