NIST 800-171 FAR/DFARS Compliance Made Easier

NIST Compliance for Contractors and Sub-Contractors

Under Executive Order 13556 and The Code of Federal Regulations (CFR) 52.204-21, contractors and sub-contractors to government agencies and organizations must now provide documentation and evidence of how they are protecting Controlled Unclassified Information (CUI) in order to show FAR/DFARS compliance.

This proof comes in the form of a security assessment based on National Institute of Standards and Technology (NIST) Special Publication 800-171, Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.

Companies that hold contracts with the federal government or that supply materials, products or goods for a federal contract must be assessed and then implement security measures in order to do business with governmental agencies and organizations either directly or indirectly.

This means you cannot be put on new contracts and could be released from current contracts if you are not compliant.

If you have received a Corrective Action Report (CAR) from a government agency or prime contractor, you will be required to provide a Plan of Action and Milestones (PoAM) stating the actions you will take to become compliant.

Sword & Shield Enterprise Security’s NIST 800-171 Assessment Service takes the burden off you so you can continue to do your business. We assess your NIST 800-171 compliance status and provide a detailed remediation roadmap to help get you where you need to be.

NIST Compliance Expertise

Sword & Shield is immersed in various compliance frameworks (NIST, HIPAA, PCI, SANS, CSC 20, ISO, etc.) on a daily basis. Our expertise makes us uniquely qualified to understand and relate these requirements to your business in order to identify gaps and recommend how to fill them.

Our NIST 800-171 Assessment Service provides the following value to you:

  • Saves you the time and stress of working through the framework.
  • Provides clarity for the NIST 800-171 compliance requirements and gives guidance on how to mitigate deficiencies.
  • Provides an objective and knowledgeable view of how the requirements affect your organization.

NIST Assessment Service for DFARS Compliance: What’s Included

Sword & Shield performs the following tasks in order to evaluate your NIST 800-171 compliance readiness:

  • Perform a gap analysis utilizing the NIST 800-171 publication as guidance. NIST 800-171 specifies a subset of NIST 800-53 moderate level controls to be assessed from the following NIST control groups:
    • Access Control
    • Awareness and Training
    • Audit and Accountability
    • Configuration Management
    • Identification and Authentication
    • Incident Response
    • Maintenance
    • Media Protection
    • Personnel Security
    • Physical Protection
    • Risk Assessment
    • Security Assessment
    • System and Communications Protection
    • System and Information Integrity
  • Produce a gap analysis report that compares the baseline technical controls in place today against the 800-171/NIST 800-53 moderate control level requirements.
  • Provide you with a detailed remediation roadmap that can be used as a guide for remediating your control gaps. The roadmap will be categorized by the criticality of the findings.
  • Assess your multi-factor authentication (MFA) process to be certain it meets the requirements as set forth in NIST 800-131 3.5.3 and 3.7.5.
