Managed DFARS/NIST 800-171 Compliance

The Challenge

Staying Competitive in the DoD Acquisition Process

In order to do business with the Department of Defense, your business must meet certain cybersecurity requirements, which help safeguard your IT infrastructure and that of the DoD. This mandate, DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, requires contractors to implement National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 1, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”.

Meeting these cybersecurity requirements is no longer voluntary for primes and subcontractors. Moving forward necessitates the right resources, technical expertise, and diligence.

Solution

Achieve DFARS/NIST 800-171 Compliance

CyberSheath has a deep understanding of DFARS/NIST 800-171. We have worked with the DoD for more than a decade through every iteration of this requirement – from voluntary to the current mandatory state. We are experts in right-sizing the security requirements to enable your business to stay competitive in the DoD acquisition process.

Whatever your environment, we have seen it, secured it, and made it DFARS compliant. Our DoD prime and subcontractor customers cover a broad range of environments including manufacturing, laboratories, foreign-owned subsidiaries, traditional offices, and cloud-based environments.

Business Benefit

CyberSheath: Your Managed Security Service Provider

We provide a comprehensive suite of services to help your organization secure and maintain compliance, including:

  • Assessments – These documented, actionable annual compliance assessments provide a benchmark against all 110 NIST 800-171 security requirements.
  • System Security Plans (SSP) and Addendums – Once compliance gaps are identified, we build a blueprint to help you address your cybersecurity deficiencies.
  • Documented Plans of Action & Milestones (POA&Ms) – Our dedicated program management leadership helps close non-compliant control gaps and achieve full compliance.
  • Third-Party Risk Management – We document and validate the security of your subcontractors, suppliers, and vendors, and demonstrate compliance with DFARS 252.204-7012.
  • Dedicated Engineering Support – Our technical experts excel at implementing all 110 security controls including Multi-Factor Authentication, Incident Response, and more.
  • Centralized 24x7x365 Security Operations Center (SOC) – Our capabilities include SIEM, Network IDS, Host IDS, File Integrity Monitoring, Vulnerability Assessment, and Real-time Security Intelligence including correlation directives, IDS signatures, NIDS signatures, and asset fingerprints. We also offer a full suite of compliance reporting for HIPAA, NIST 800-171, SOC 2, GDPR, PCI DSS, and more.
  • Cyber Incident Detection and Reporting – From identifying compromised computers, servers, specific data, and user accounts through remediation and reporting, CyberSheath ensures you mitigate threats and maintain compliance.
  • Cloud Computing Services – We implement and maintain administrative, technical, and physical safeguards and controls with the security level and services required in accordance with the Cloud Computing Security Requirements Guide (SRG).