NIST 800-171 and CMMC 2.0
Network Titan can ensure your company is NIST 800-171 and CMMC 2.0 compliant. We remove the CMMC guesswork for DoD contractors in San Diego, so your company meets the over 100 mandated requirements in 14 different key areas of the Special Publication NIST 800-171 and the (currently evolving) CMMC 2.0 certification levels. Compliance in some form will be necessary to conduct business with the federal government directly, or as a sub-contractor that supplies products or services to the federal government (DoD, GSA, NASA, etc.).
With the increased threat and need for cybersecurity, you already know you must be “NIST” compliant if you provide products or services within the federal government supply chain, but what exactly does this mean?
WHAT IS THE SPECIAL PUBLICATION NIST 800-171 r3?
NIST is the National Institute of Standards and Technology at the US Department of Commerce. Its Special Publication 800-171 (currently undergoing a 3rd revision) governs Controlled Unclassified Information (CUI) in non-federal information systems and organizations, and provides guidance on how CUI should be accessed, shared and stored. As a supplier or sub-contractor to any federal organization, such as the military, you must now assess and document specific security measures that demonstrate your compliance in the 14 key areas required by the NIST 800-171 standard.
WHAT ARE THE 14 KEY AREAS OF NIST 800-171?
- Access Control: User and transaction authorization and security.
- Awareness and Training: All personnel are adequately trained in security-related duties.
- Audit and Accountability: Access records individually traceable to all users.
- Configuration Management: Network and security protocols and documentation.
- Identification and Authentication: Authorized user identification with multifactor authentication.
- Incident Response: Incident reporting process and notification (DFARS 252.204-7012) capability.
- Maintenance: Information Systems maintenance routine and control.
- Media Protection: Control access and secure hard copy, digital and portable media.
- Personnel Security: Individual screening prior to, during and after personnel actions.
- Physical Protection: Protect and monitor access to IS, equipment and operating environments.
- Risk Assessment: Periodic testing to identify and monitor Information Systems vulnerabilities.
- Security Assessment: Periodic testing to demonstrate effective and current IS control.
- System and Communications Protection: 14 security requirements; monitor, control and protect.
- System and Information Integrity: Identify, report and correct IS alerts and flaws.
WHAT IS THE CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC)?
CMMC is not NIST 800-171. Although there is some overlap (NIST 800-171 is a foundational component), CMMC 2.0 is distinctly different from NIST 800-171. CMMC 2.0 is a combination of cybersecurity standards, controls, processes and practices. CMMC 2.0 can be considered a series of procurement checkpoints that contractors must pass through: it is "how" they handle the NIST 800-171 controls in their organization. NOTE: Revisions to SP 800-171 are currently taking place, which affects CMMC.
Contact Network Titan today to talk to an experienced CMMC consultant or schedule your NIST/CMMC Readiness Cybersecurity Risk Assessment.