What is NIST 800-171?
NASA, GSA, and DoD require contractors to comply with specific cybersecurity requirements in NIST SP 800-171. These standards specify the proper manner in which covered defense information (CDI) or controlled unclassified information (CUI) must be handled and protected.
To whom does it apply?
This mandate applies to all prime and subcontractors doing business with NASA, GSA, and the Department of Defense. If you don’t handle CDI/CUI you must still get an exception and may still need to comply with some parts of NIST SP 800-171.
What are the penalties for non-compliance?
Failure to comply may subject contractors to penalties either by the United States Government (e.g., criminal, civil, administrative, and contractual actions in law), or by people or private organizations impacted by related failures (e.g., actions for damages).
Phase I: 1 week Hardware, Software, and Installation
A combination of private servers and open source or commercial software solutions is implemented to meet the NIST 171 security standards.
Phase II: 1 week Documentation and Training
An organization System Security Plan (SSP) and Plan Of Action & Milestones (POA&M) shall be created based on the fourteen families of security controls detailed in NIST 171.
Phase III: Ongoing NIST 800-171 compliance and IT Support
Ongoing consulting and services required to maintain NIST 800-171 compliance including technical support to the organization.
Full NIST 800-171 Compliance in 2 weeks!
SIGN UP FOR A FREE GAP ASSESSMENT TODAY! A 45 minute phone session to identify the various gaps in your IT system. You will then recieve a customized proposal with a price quote and timeline for NIST 800-171 compliance. Note: Please have someone knowledgeable of your IT system present on the call.
“SOS provided a flexible and comprehensive DFARS compliance solution that offered the custom focus that I was looking for. ” - Jeff deGuzman, CEO Advanced Computer Support, Inc.
“I have been in the IT industry for nearly 30 years, but I am a novice when it comes to the regulatory cybersecurity compliance. SOS has been a great organization to partner with to help train us in those areas." -Joe Bond, CEO Dynamic Management Associates
“We consider SOS our business partner and one of our main resources for data security. We believe an organizations of any size would benefit from working with them.” - Mark Caldwell, General Manager MASSA