DFARS/NIST 800-171 Compliance

The Challenge

Staying competitive in the DoD acquisition process

DoD contractors must comply with DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, which requires contractors to implement National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 1, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”. These cybersecurity requirements for Primes and Subcontractors are no longer voluntary, and DoD audits, coupled with the Cybersecurity Maturity Model Certification (CMMC), will require compliance prior to bidding on a DoD contract.


DFARS/NIST 800-171 Compliance Managed Security Services

CyberSheath DFARS/NIST 800-171 Compliance Managed Security Services include:

  • Documented, actionable annual compliance assessments against all 110 NIST 800-171 security requirements.
  • System Security Plans (SSP) & Addendums.
  • Documented Plans of Action & Milestones (POA&Ms) with dedicated program management leadership to close non-compliant control gaps and achieve full compliance.
  • Third-party risk management to document and validate the security of your subcontractors, suppliers, and vendors and demonstrate compliance with DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.
  • Dedicated engineering support for the implementation of all 110 security controls including Multi-Factor Authentication, Incident Response and more.
  • Centralized 24x7x365 Security Operations Center (SOC) capabilities including SIEM, Network IDS, Host IDS, File Integrity Monitoring, Vulnerability Assessment, and Real-time Security Intelligence including correlation directives, IDS signatures, NIDS signatures and asset fingerprints, plus a full suite of compliance reporting including HIPAA, NIST 800-171, SOC 2, GDPR, PCI DSS and more, because we understand that you have many compliance requirements to satisfy.
  • Cyber incident detection and reporting aligned with DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting requirements. From identifying compromised computers, servers, specific data, and user accounts through remediation and reporting, CyberSheath ensures you mitigate threats and maintain compliance.
  • Cloud Computing Services compliant with DFARS 252.239-7010 requirements to implement and maintain administrative, technical, and physical safeguards and controls with the security level and services required in accordance with the Cloud Computing Security Requirements Guide (SRG).

Business Benefit

Partnering with CyberSheath as an MSSP

CyberSheath has worked with the DoD for more than a decade, through every iteration of DFARS from voluntary to the current mandatory state. We are experts in right-sizing the security requirements to enable your business to stay competitive in the DoD acquisition process. Our DoD Prime and Subcontractor customers cover a broad range of environments, from manufacturing, labs, and foreign-owned subsidiaries to traditional office and cloud-based environments. Whatever your environment, we have seen it, secured it and made it DFARS compliant.