NIST 800-171 Cybersecurity Assessment

Today, the federal government relies on many external service providers to help execute varying federal missions and business functions using state-of-the-practice information systems. Many federal contractors routinely process, store, and transmit sensitive federal information in their systems to support the delivery of essential products and services to federal agencies. Additionally, federal information is frequently provided to or shared with entities such as State and local governments, colleges and universities, and independent research organizations.

As a contractor or sub-contractor to government agencies and organizations, due to Executive Order 13556, Controlled Unclassified Information, and The Code of Federal Regulations (CFR) 52.204-21, the 15 “basic” security controls, evidence of protecting Controlled Unclassified Information (CUI) must be provided to show FAR/DFARS compliance.

If you have received a Corrective Action Report (CAR) from a government agency or prime contractor, you will be required to provide a Plan of Action and Milestones (POA&M) stating the actions you will take to become compliant.

Elteni will supply you with a solution that covers everything you need, starting with your assessment to generating your Plan of Action and Milestones report.

Elteni will:

• Conduct a security baseline using control frameworks that serve as informative references to the NIST 800-171 assessment
• Perform the NIST 800-171 gap analysis across the 14 control families
• Provide a gap analysis report of where you stand relative to the NIST 800-171 standards
• Assist with the refinement of your System Security Plans (SSP)
• Produce a Plan of Action and Milestones (POA&M) report, and help you prioritize your remediation efforts