The primary objective of this assessment is to provide our clients with a Cybersecurity Compliance Review based on the National Institute of Standards and Technology (NIST) SP 800-171 “Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations” to assist with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 (7012) compliance.
We will also assist the client with the development of documentation required for continued compliance with DFARS clause 7012 and the new interim DFARS clauses 7019-7021. Review processes, documentation efforts, and organizational discussions will also consider the new CMMC (Cybersecurity Maturity Model Certification) program guidelines.
A review will cover the 110 security requirements defined within the 14 security families of NIST SP 800-171 and the development of in-scope System Security Plan(s) (SSP) and Plan of Action and Milestones (POA&M).
- Identify gaps in current organizational policies, procedures, and processes relative to NIST SP 800-171
- Provide guidance and recommendations to allow for an effective approach to compliance with DFARS clause 252.204-7012