NIST 800-171 Assessment Service

NIST 800-171 DFARS Compliance Made Easier


As a contractor or subcontractor to government agencies and organizations, you must now, under Executive Order 13556, provide documentation and evidence of how you are protecting Controlled Unclassified Information (CUI) in order to show DFARS compliance.

This proof comes in the form of a security assessment based on National Institute of Standards and Technology (NIST) Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations. Contractors affected by this mandate must be assessed and then implement security measures in order to continue to do business with governmental agencies and organizations after December 2017.

This means you must prove compliance by December 2017, or you can lose government contracts.

Government mandates and NIST 800-171 compliance can be time-consuming and confusing. The Sword & Shield Enterprise Security NIST 800-171 Assessment Service takes the burden off you so you can continue to run your business.

Value to Your Business

Sword & Shield is immersed in various compliance frameworks (NIST, HIPAA, PCI, SANS, CSC 20, ISO, etc.) on a daily basis. Our expertise makes us uniquely qualified to understand and relate these requirements to your business in order to identify gaps and recommend how to fill them.

Our NIST 800-171 Assessment Service provides the following value to you:

  • Saves you the time and stress of working through the framework.
  • Provides clarity for the NIST 800-171 compliance requirements and gives guidance on how to mitigate deficiencies.
  • Provides an objective and knowledgeable view of how the requirements affect your organization.

NIST Assessment Service for DFARS Compliance: What’s Included

Sword & Shield performs the following tasks in order to evaluate your NIST 800-171 compliance readiness:

  • Perform a gap analysis utilizing the NIST 800-171 publication as guidance. NIST 800-171 specifies a subset of NIST 800-53 moderate level controls to be assessed from the following NIST control groups:
    • Access Control
    • Awareness and Training
    • Audit and Accountability
    • Configuration Management
    • Identification and Authentication
    • Incident Response
    • Maintenance
    • Media Protection
    • Personnel Security
    • Physical Protection
    • Risk Assessment
    • Security Assessment
    • System and Communications Protection
    • System and Information Integrity
  • Produce a gap analysis report that compares the baseline technical controls in place today against the 800-171/NIST 800-53 moderate control level requirements.
  • Provide you with a detailed remediation roadmap that can be used as a guide for remediating your control gaps. The roadmap will be organized by the criticality of the findings.
  • Assess your multi-factor authentication (MFA) process to be certain it meets the requirements as set forth in NIST 800-131 3.5.3 and 3.7.5.

Fast Track Your NIST 800-171 DFARS Compliance

Request a Free Consultation for our NIST 800-171 Assessment Service.