NIST Overview

Getting your company in compliance shape for NIST 800-171, with the looming December 31, 2017, deadline enforced by the U.S. Department of Defense (DoD), is much like training for a marathon. If your company or organization contracts for the government, you must implement all of the security requirements and controls outlined in the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171—Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations—by mile marker 12-31-17. If you don’t, you risk losing your contracts, costing your organization millions of dollars in lost revenue:

“…the covered contractor information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. . .” The Contractor shall implement NIST SP 800-171, as soon as practical, but not later than December 31, 2017…”

-Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012

The required SP 800-171 control families include:

  • Access Control
  • Audit and Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment & Authorization
  • System and Communications Protection

Three exceptions include: (i) CP-9 from the contingency planning family; (ii) a requirement to develop and implement a system security plan (derived from PL-2) from the planning family; and (iii) a requirement to implement system security engineering principles (derived from SA-8).

At STN, we understand DFARS 252.204-7012 compliance and how it can help your business become more secure. We have the expertise to help you achieve and maintain compliance.

Our methodology is based on the NIST Risk Management Framework and best practices. We provide the following services:

  • Gain a comprehensive understanding of DFARS 252.204-7012 and what it takes to comply. We focus on the architectural changes, policies, procedures, security plans, and technologies that are required for a mature security program.
  • Set organizational expectations for compliance through key stakeholder education and buy-in.
  • Provide decision-makers with a Roadmap/Strategy outlining the corrective actions required to achieve and maintain compliance.
  • Results include a clear picture of the compliance costs, timelines, and resources (internal and external) required to achieve and maintain compliance.
  • Independent Risk Assessment: Conduct third-party assessments to validate the various safeguards implemented during the remediation phase of the project. This service is provided to clients who have not worked with STN on remediation activities.
  • Conduct compliance and operational continuous monitoring activities.

Copyright © 2021 STN Inc. All Rights Reserved.