The deadline to be DFARS 225.204-7012/NIST 800-171 compliant is now just a scant 34 days away and a lot of the companies who are contacting us have not even started yet. Don’t panic, but if you have not gotten started on NIST compliance, do not wait any longer. Here are three small things to help get you going.
- NIST SP 800-171 itself can be found here: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf The requirements section begins on page 9. There are 109 of these requirements total, starting in section 3.1, and ending in section 3.14. Take all 109 requirements, copy them into a spreadsheet, and starting answering how your IT enterprise will meet them. Better yet, download our FREE NIST 800-171 checklist here: https://www.strongholdcybersecurity.com/dfars-compliance-nist-compliance/ With a few pros who are knowledgeable in your IT and your business operations, you should be able to get through the NIST requirements in a few days.
- Next, you will need a System Security Plan (SSP), also sometimes called an Information Systems Security Plan (ISSP). A sample SSP can be found right on the NIST website, here: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf The SSP template can be found on page 27 of this document.
- Lastly, NIST compliant businesses will need what is known as a POA&M (Plan of Action and Milestones). The Federal Government knows that not every business can meet all 109 security requirements before the end of this year, but the government does expect you to have a plan to become compliant in a “reasonable” amount of time. Several of the large defense contractors are or will be on a POA&M for various reasons. The Defense Security Service (DSS) has a simple example POA&M located here: http://www.dss.mil/documents/rmf/POAM.xlsx
If you need help, Stronghold Cyber Security can do your entire NIST project for you, from security baselining to full scope documentation. Uniquely tailored NIST compliance packages are available, and we also offer NIST compliance consulting, a minimum 4 hour requirement. Contact us here at 1-888-277-8320 to set up a consultation or reach out to us at on our Contact Page so we can get started working together to get you to become compliant before the NIST deadline on December 31, 2017.