A NIST 800-171 Expert will guide you through each control for a more in-depth compliance assessment.
Your Professionally Developed NIST 800-171 POAM. Tailored just for you, because nothing beats a clear plan.
We implement any remaining security controls for you. Serviced from start to finish. Let us lift your burden.
Compliance Auditing & Implementations
National Institute of Standards and Technology 800-171
National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 rev2 outlines cybersecurity-related enterprise-level requirements for government contractors; the DoD published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) that took effect for any contracts originating after December 31, 2017. These requirements protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations.
As of January 1, 2018, government contractors are expected to have implemented the requirements of NIST 800-171, consisting of 110 required controls, such as Access Control, Incident Response, and System and Information Integrity, among others. If an audit determines a failure to meet the requirements of NIST 800-171, consequences may include criminal, civil, administrative, or contract penalties, including termination of contracts.
The New Standard
Cybersecurity Maturity Model Certification
Furthermore, the DoD is drafting a new standard called the Cybersecurity Maturity Model Certification (CMMC). This standard is intended to replace NIST 800-171 on DoD RFIs and RFPs beginning in mid-2020. The CMMC contains five levels, ranging from basic hygiene to state-of-the-art. Unlike NIST 800-171, the CMMC will not contain a self-attestation component. Every organization that does business with the DoD will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime. La Jolla Logic is following this closely and plans to offer CMMC assessment and auditing services to our customers.
Risk Management Framework
“Let us help you through this complex process so you can focus on what your business does best!”
The NIST SP 800-37 rev2 Risk Management Framework (RMF) is a widely used framework within the DoD and its supporting industry partners. Most agencies within the DoD have their own interpretation of RMF that results in unique implementation requirements and processes to achieve such compliance.
As our cybersecurity expertise stems from supporting DoD organizations, La Jolla Logic is very familiar with Defense Counterintelligence and Security Agency (DCSA), Navy, Air Force, Army, Military Sealift Command (MSC) and Department of Homeland Security (DHS) implementation requirements for RMF, and has vast contacts and a trusted reputation with the accreditation authorities.
All these separate agencies have their own unique set of requirements and preferences; La Jolla Logic has worked with these organizations for many years in achieving and maintaining Authority to Operate (ATO) status for individual and enterprise-level systems under DITSCAP, DIACAP, and RMF. Our engineers leverage this in-depth knowledge to help our industry colleagues achieve ATO under RMF for their organizations, products, systems, and/or facilities.
Your company can leverage our expertise in a manner that best suits your needs. Use us to develop and monitor the entire RMF package through submission and to ATO, responding to all correspondence from the agency on your behalf, or we can function as consultants to guide and train your team and assist with all or some portions of the package. You choose!
Let us help you through this complicated process so you can focus on what your business does best!