Compliance – NIST 800-171
SecureIT works with organizations to ensure that they are adequately protecting Controlled Unclassified Information (CUI). Our professionals develop NIST SP 800-171 compliance programs and help government contractors ensure that they have appropriate controls in place for transmitting or storing CUI in non-federal information systems. While larger Federal contractors typically have IT resources to devote to compliance projects, small to midsize contractors may struggle to determine how NIST SP 800-171 affects them, and how to cost-effectively implement controls and develop documentation needed for compliance. Others may be working toward compliance, but have yet to complete the necessary work. Failure to comply with 800-171 jeopardizes existing and future Civilian and DoD contracts.
“Without in-house expertise, we struggled to understand the requirements for NIST 800-171 security controls. With the revenue from several contracts threatened by non-compliance, we needed a solution that we could afford. SecureIT’s Express Compliance Package delivered for us. We got the guidance we needed, along with policy and documentation support.”
Owner • Small Government Contracting Firm
Offerings:
SecureIT offers the following NIST 800-171 compliance services:
SecureIT’s NIST 800-171 Express Compliance Package is specially designed to help government contractors implement the appropriate controls for transmitting and storing controlled unclassified information (CUI). Here’s a brief overview:
Phase 1: Kick-Off, Education, & Assessment
- Provide education on 800-171 and its specific requirements
- Understand the system(s) and determine where CUI and CDI are located
- Finalize the system boundary for 800-171 compliance
- Walk through the NIST 800-171 Control Requirements Matrix
- Determine the status for each requirement, and note any gaps where remediation is needed
- Perform limited technical testing to validate compliance assertions
- Develop initial Project of Actions & Milestones (POAM)
- Deliver PPT presentation on current state of readiness and recommended path forward
- Duration: One Week
Phase 2: Remediation & Compliance Program Management (Optional)
- Prioritize control gaps to identify those that can be remediated quickly (e.g., within the time allocated for the project)
- Assist with the implementation/enhancement of prioritized controls
- Document control activities on the SSP to demonstrate how 800-171 requirements are being met
- Develop needed documentation (e.g., System Security Plan (SSP), Incident Response Plan (IRP), Policies & Procedures)
- Develop Management Assertion Letter that can be provided to customers/primes when asked
- Assist with updating the POAM to reflect any remaining controls that are not implemented or that need to be enhanced
- Design a program to ensure ongoing 800-171 compliance (continuous monitoring)
Next Steps:
Take the next step to help your company achieve NIST 800-171 compliance in a timely manner. SecureIT wants to help you succeed with a variety of options to get started:
- Our infographic is a great place to start. It boils down what you need to know about NIST 800-171 (key facts, planning, and tips for success) and just takes a couple minutes to review. See it here.
- Click here to get pricing for our NIST 800-171 Express Compliance Package that we tailor to meet your organization’s specific needs. We will pick up the phone and call you to discuss your specific needs.
- Our brief eBook, “5 Tips for NIST 800-171 Success”, provides valuable guidance in helping government contractors meet the upcoming compliance deadline with minimal disruption to your core business. Download it today.
Why SecureIT:
SecureIT helps small and medium-sized businesses ensure they are protecting CUI with appropriate security controls. We offer cost-effective solutions to help clients design and implement security controls and document their systems so they can achieve and maintain NIST 800-171 compliance.
SecureIT’s NIST 800-171 services help our clients achieve compliance to maintain existing contracts and win new business.
Our holistic approach delivers NIST 800-171 services targeted to each client.
SecureIT is the best.
SecureIT delivers the expertise you need to keep your NIST 800-171 compliance project on track and grow your business.