Being a contractor with the U.S. Department of Defense, the client sought to meet their DFARS 252.204-7012, 252.204-7019, and DFARS 252.204-7020 cybersecurity requirements. The client had a relatively complex environment consisting of cloud-based servers, Windows endpoints, and Mac Endpoints.

We performed a security assessment against the NIST SP 800-171 framework of security controls and calculated the client’s summary level or SPRS score. We then created the client’s system security plan and their plan of action and milestones document.

The next step was to create all of the policies and procedures needed to meet NIST SP 800-171 requirements. This included creating the information security policy, incident response plan, CUI handling procedures, configuration management plan, and various forms such as system access request forms and visitor sign in sheets. After creating the policies, they were reviewed and approved by the client’s executive management. We also setup an issue tracker to document all work and configuration changes.

Next, we configured the client’s Microsoft 365 environment to meet NIST SP 800-171 requirements using the guidance recommended by the center for internet security. This ensured that the appropriate file labelling, sharing restrictions, auditing, and access control settings were all in place. The Microsoft 365 environment was now sufficiently secured so as to store CUI.

Next, using Microsoft Endpoint Manager we created configuration profiles for Windows, Mac, Android, and iOS devices and incrementally deployed them to all endpoints. We adjusted the profile settings as required to meet the client’s operation requirements while maintaining compliance.

The customer was able to satisfy their DFARS related NIST SP 800-171 requirements and prepare for their upcoming CMMC certification.

The core of nVision is product development for real-time electronic systems for military, law enforcement, and civilian application. They are subject matter experts in laser rangefinders, wind measurement systems, signal processing, and more.