DFARS/NIST 800-171 Compliance

The Challenge

System Security Plan (SSP) and associated Plans of Action & Milestones (POA&Ms) tailored to meet your business requirements.

To stay competitive in the DoD acquisition process, you need to comply with DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, which requires contractors to implement National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”.

NIST 800-171 details the fourteen families of security requirements for protecting the confidentiality of Covered Defense Information (CDI).

The target audience for NIST 800-171 is both public and private sectors including individuals with:

  • Information system development life cycle responsibilities
  • Acquisition or procurement responsibilities
  • Information system, security, and/or risk management and oversight responsibilities
  • Information security assessment and monitoring responsibilities

The Solution

Achieve DFARS Compliance with CyberSheath

CyberSheath is uniquely positioned to enable your business to achieve compliance with NIST 800-171, “Protecting Covered Defense Information in Nonfederal Systems and Organizations”. CyberSheath has assessed and implemented the required NIST 800-171 controls for organizations of every size in the defense industrial base supply chain. Our professional services team has unmatched experience interpreting the NIST 800-171 requirements, solving operational issues, and implementing the controls required to protect covered defense information in a manner that demonstrably shows compliance.

Business Benefit

CyberSheath’s DFARS 800-171 Assessment

Our services enable you to understand and take the required action to meet the basic and derived security requirements for protecting the confidentiality of CDI.

Compliance with NIST 800-171 can be achieved in four steps. They aren’t simple steps, and you should ignore vendors who are trying to sell you a product to achieve compliance: there isn’t one. Many of the 110 security requirements deal with process, and how you implement the controls will be unique to your business.

CyberSheath enables you to stay competitive in the DoD acquisition process and comply with NIST 800-171 through these five steps:

  • Assessing Current Operations for Compliance
  • Generating a System Security Plan (SSP)
  • Documenting Plans of Action & Milestones (POA&Ms)
  • Implementing the Required Controls
  • Maintaining Compliance