NIST SP 800-171

Small Business, Big Compliance - NIST SP 800-171

Learn how we helped a DoD contractor meet DFARS NIST SP 800-171 compliance requirements.


Client Objectives

As a contractor with the U.S. Department of Defense, the client sought to meet their DFARS 252.204-7012, DFARS 252.204-7019, and DFARS 252.204-7020 cybersecurity requirements. The client had a relatively complex environment consisting of cloud-based servers, Windows endpoints, and Mac endpoints.

What We Did

We performed a security assessment against the NIST SP 800-171 framework of security controls and calculated the client’s summary level score, or SPRS score. We then created the client’s system security plan and their plan of action and milestones document.
The next step was to create all of the policies and procedures needed to meet NIST SP 800-171 requirements. This included creating the information security policy, incident response plan, CUI handling procedures, configuration management plan, and various forms such as system access request forms and visitor sign-in sheets. Once created, the policies were reviewed and approved by the client’s executive management. We also set up an issue tracker to document all work and configuration changes.
Next, we configured the client’s Microsoft 365 environment to meet NIST SP 800-171 requirements using the guidance recommended by the Center for Internet Security. This ensured that the appropriate file labelling, sharing restrictions, auditing, and access control settings were all in place. The Microsoft 365 environment was now sufficiently secured to store CUI.
Next, using Microsoft Endpoint Manager, we created configuration profiles for Windows, Mac, Android, and iOS devices and incrementally deployed them to all endpoints. We adjusted the profile settings as required to meet the client’s operational requirements while maintaining compliance.

The Result

The customer was able to satisfy their DFARS-related NIST SP 800-171 requirements and prepare for their upcoming CMMC certification.

About the Customer

The core of nVision is product development for real-time electronic systems for military, law enforcement, and civilian applications. They are subject matter experts in laser rangefinders, wind measurement systems, signal processing, and more.
 
