NIST SP 800-171 Compliance Services
Unauthorized access and disclosure of government information have become all too common in these times of frequent cyber-attacks. As a result, the government has extended mandatory safeguards to nonfederal organizations that process, store or transmit Controlled Unclassified Information (CUI) or Covered Defense Information in nonfederal information systems. These nonfederal organizations include contractors, subcontractors and service providers. Additionally, CUI is often provided to, or shared with, state and local governments, colleges and universities, and independent research organizations.
To comply with CUI requirements, government contractors and other organizations processing CUI must fully understand what CUI they store, process, or transmit in the course of doing business with the federal government. Government contractor organizations must be prepared to provide adequate documentation describing their technical solutions, policies, and evidence of being able to detect and respond to incidents.
safeguards, as defined by NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, which currently includes fourteen families of security requirements and a total of 109 individual controls. The CUI requirements within NIST SP 800-171 are directly linked to the baseline controls described in NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and are intended for use by federal agencies in contracts or other agreements established between those agencies and nonfederal organizations.
TestPros provides a full range of NIST SP 800-171 Compliance Services to help you establish the necessary controls and build the documentation the Government requires.
If you are a contractor providing services to the U.S. federal government, your organization is responsible for protecting Controlled Unclassified Information (CUI). For Department of Defense contractors, DFAR 252.204-7012 & 252.204-7008 require that you implement the safeguards defined by NIST SP 800-171 over these materials by December 31, 2017. Prior to the deadline, DoD contractors must report any NIST SP 800-171 requirements not implemented, within 30 days of contract award.
While no equivalent FAR regulation is currently in place, it is anticipated that the requirement will extend to companies supporting civilian agencies in the near future.
Regardless of the legal requirement, it makes good business sense to implement the security steps defined by NIST SP 800-171!
TestPros provides independent assessment and advisory consultation services to meet your NIST SP 800-171 Compliance Services needs, addressing the current fourteen families of security requirements and total of 109 controls. From mapping the required NIST controls for your environment, to developing and documenting a System Security Plan (SSP), to security testing, to developing and managing the resolution of a Plan of Actions and Milestones (POA&M) to become or stay compliant, TestPros does it all. Our proven approach aligns with the NIST Risk Management Framework (RMF).
Our NIST SP 800-171 Independent Assessment Services
NIST SP 800-171 Compliance Services covers the broad range of assessment support required by Department of Defense and federal civilian departments.
- FIPS 199 system categorization
- FIPS 200 and agency control selection
- Implementation of applicable security controls
- Assessment of security controls
- Authorization recommendation of system
- Continuous monitoring
TestPros’ NIST SP 800-171 Advisory Consultation Services
Supporting or creating NIST 800-171 required documentation sets including a System Security Plan (SSP) that documents how you protect and ensure control of CUI and any additional guidance based on client or agency requirements.
TestPros is an independent IT Assessment organization and has provided IT Security consultation and assessment services for over 30 years. We have conducted dozens of independent IT Security assessments based upon the NIST SP 800-53 guidelines, Software Supply Chain Assurance (SSCA) guidelines, and other NIST-based standards. We have provided these assessments to federal contractors, product vendors, and directly to the federal Government.