NIST Compliance Solutions
NIST SP 800-171 Assessment Service
Sentar’s GRC Team has helped almost 100 Federal contractors meet their NIST SP 800-171 compliance requirements. We only need a few weeks at most to do a complete gap assessment; review your plans, policies, and procedures; and develop your System Security Plan (SSP) and Plan of Action and Milestones (POA&M). We can also provide a complete best practices documentation kit, with free customization support for six months following the assessment. We’ll also conduct annual re-assessments at a fraction of the cost of the first one.
Our NIST SP 800-171 Assessment Service provides:
- NIST SP 800-171 compliance service
- Explain, assess, and capture information on your compliance with all NIST SP 800-171 controls
- Capture all necessary connections, companies, and compute boundaries that fall within the scope of DFARS 252.204-7012
- Formally document the above into a System Security Plan (SSP)
- Formally document the items above that must be tracked in a Plan of Action & Milestones (POA&M)
- [Free for 12 months] Recommendations, advice, and consulting for remediation of POA&M items
- Optional Purchase: 14 Families of Best Practices documentation (Plans, Policies, Procedures) including all required deliverables such as Incident Response Plan and Disaster Recovery Plan
- [Free for 12 months] Support for questions and changes to the 14-family best practices documentation kit.
NIST SP 800-171 Mitigation and Compliance Solution
You’ve completed your DFARS 252.204-7012 compliance tasks, but now have a list of cybersecurity compliance issues documented in your Plan of Action & Milestones (POA&M). The vast majority of these POA&M gaps are failures to comply with NIST SP 800-171 controls.
So, what’s the right approach to fixing these gaps? What has the least impact on your company while still meeting the requirements and intent of the NIST SP 800-171 standard? Sentar can help you meet your NIST compliance requirements efficiently and cost-effectively. In fact, you will likely be able to mitigate many of your gaps without purchasing new hardware or software. When you do need to make a purchase, our experience will show you the best choice for your organization.
Our NIST SP 800-171 Mitigation and Compliance Solution includes:
- Sentar will assign at least one Cybersecurity Engineer to perform tasks to bring you into, and maintain, compliance with NIST SP 800-171
- Working with your chosen IT Services Provider, and other personnel as needed, we will help you finalize the approach, costs, milestones, and completion dates for all items included on the POA&M
- Our team member(s) will serve as the cybersecurity lead for all POA&M items, ensuring that all POA&M milestones and completion dates are met on schedule and within budget
- We will create and help implement a strategy for your organization to maintain compliance with DFARS 252.204-7012, NIST SP 800-171, and any future related requirements or changes to those standards, including the following:
  - Continuous Monitoring Service
  - Periodic Security, Vulnerability, and Risk Assessments as deemed needed
  - Maintaining and ensuring these processes are performed correctly and in a timely fashion
  - Leading the effort to draft and implement your cybersecurity policies
  - Maintaining and updating your System Security Plan
DCMA and NIST 800-171 Audits
The deadline for DoD contractors to comply with DFARS 252.204-7012 and NIST SP 800-171 has expired. There is no grace period. Contractors are being audited by DCMA, specifically focusing on their NIST SP 800-171 compliance, their System Security Plan (SSP), Plan of Action and Milestones (POA&M), and policies. Every Sentar DFARS/NIST client that has been audited by DCMA has passed.
If you are seeking help for an upcoming audit, we can help you prepare, even if you didn’t use us to conduct any of your GRC compliance efforts in the past. Within a few weeks, we can conduct a new gap assessment, update or create your SSP and POA&M, and provide the matching, completed documentation you need.
NIST CUI Registry
In 2010, Executive Order 13556 created the Controlled Unclassified Information (CUI) program in response to nation states stealing critical information from federal contractors.
The National Archives website provides a complete CUI Registry that clarifies and further describes the full scope of Covered Defense Information.