NIST 800-171 Compliance Professionals

Whether you need to get compliant, or are looking to harden security, we will take care of you.
Fast Turnaround
Masterful Audits

Tier 1

Rapid Assessment

Rapid NIST 800-171 Assessment. Comprehensive review of documentation & paperwork. Followed with professional assessments.

Tier 2

Guided Compliance

Includes Tier 1 +
A NIST 800-171 Expert will guide you through each control, for a more in depth compliance assessment.

Tier 3


Includes Tier 1—2 +
Your Professionally Developed NIST 800-171 POAM. Tailored just for you, because nothing beats a clear plan.

Tier 4


Tiers 1—3 +
We implement any remaining security controls for you. Serviced from start to finish. Let us lift your burden.

Safeguarding CUI

Compliance Auditing & Implementations

National Institute of Standards and Technology 800-171

National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 rev2 outlines cybersecurity-related enterprise level requirements for government contractors; the DoD published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) that took effect for any contracts originating after December 31, 2017.  These requirements protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations.

As of January 1, 2018, government contractors are expected to have implemented the requirements of NIST 800-171, consisting of 110 required controls, such as Access Control, Incident Response, and System and Information Integrity among a few. If an audit determines a failure to meet the requirements of NIST 800-171, consequences may include criminal, civil, administrative, or contract penalties – including termination of contracts.

The New Standard

Cybersecurity Maturity Model Certification

Furthermore, the DoD is drafting a new standard called the Cybersecurity Maturity Model Certification (CMMC). This standard is intended to replace NIST 800-171 on DoD RFIs and RFPs beginning in mid-2020. The CMMC contains five levels, ranging from basic hygiene to state-of-the-art. Unlike NIST 800-171, the CMMC will not contain a self-attestation component. Every organization that does business with the DoD will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.  La Jolla Logic is following this closely and plans to offer CMMC assessment and auditing services to our customers.

CMMC compliance

We are your expert NIST 800-171 and CMMC compliance partner!

For all DoD firms seeking compliance services, La Jolla Logic is a CMMC-AB approved RPO and C3PAO firm and expert cybersecurity firm and DoD contractor offering NIST 800-171 and CMMC compliance services. As a small business and client #1 of our own methods, we understand the need for affordable, efficient, and most important effective measures in meeting Government mandates for enterprise information security. We offer multi-phased, end-to-end solutions or can simply advise your internal IT staff for a DiY approach – whether your environment is on-prem, cloud or hybrid.

Our methods are proven, cost-efficient, and flexible – tailored specifically for Small Business needs in meeting NIST 800-171 and CMMC compliance requirements, as well as Risk Management Framework (RMF) for system, application, or facility accreditation. Our engineers have deep expertise in NIST controls derived from many years of experience with designing, developing, deploying, and accrediting new capabilities for fielding in operational DoD environments. For CMMC, our team of SMEs has been trained and certified as Assessors (able to assess/certify) and primed as Registered Practioners (able to prepare for assessment), with significant expertise supporting NIST 800-171 compliance efforts for our defense industrial base clients.


Risk Management Framework

Get Results!

“Let us help you through this complex process so you can focus on what your business does best!”

Risk Management Framework

NIST SP 800-37 rev2 Risk Management Framework (RMF), is a widely used framework within the DoD and its supporting industry partners. Most agencies within the DoD have their own interpretation of RMF that results in unique implementation requirements and processes to achieve such compliance.

As our cybersecurity expertise stems from supporting DoD organizations, La Jolla Logic is very familiar with Defense Counterintelligence and Security Agency (DCSA), Navy, Air Force, Army, Military Sealift Command (MSC) and Department of Homeland Security (DHS) implementation requirements for RMF as well as has vast contacts and trusted reputation with the accreditation authorities.

All these separate agencies have their own unique set of requirements and preferences; La Jolla Logic has worked with these organizations for many years in achieving and maintaining Authority to Operate (ATO) status for individual and enterprise-level systems under DITSCAP, DIACAP, and RMF.  Our engineers leverage this in-depth knowledge to help our industry colleagues achieve ATO under RMF for their organizations, products, systems, and/or facilities.

Your company can leverage our expertise in a manner that best suits your needs.  Use us to develop and monitor the entire RMF package through submission and to ATO, responding to all correspondence from the agency on your behalf or we can function as consultants to guide and train your team and assist with all or some portions of the package- you choose!

Let us help you through this complicated process so you can focus on what your business does best!