NIST 800-171 Assessment and Compliance
NIST SP 800-171 is a NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI). Defense contractors must implement the recommended requirements contained in NIST SP 800-171 to demonstrate their provision of adequate security to protect the covered defense information included in their defense contracts, as required by DFARS clause 252.204-7012. If a manufacturer is part of a DoD, General Services Administration (GSA), NASA or other federal or state agencies’ supply chain, the implementation of the security requirements included in NIST SP 800-171 is a must.
LP3 provides a fixed-cost NIST 800-171 assessment in which we will deliver:
• NIST 800-171 System Security Plan (SSP)
• NIST 800-171 Plan Of Action & Milestone (POA&M)
• CMMC Level 2 Remediation Proposal
• Assistance in setting up DoD Supplier Performance Risk System and SPRS score entry
At the end of the engagement, you will be NIST 800-171 compliant, as denoted in SPRS, and have a roadmap for CMMC Level 2 (CMMC Version 2.0). The POA&M will be the guide to any CMMC L2 remediation that may be required. NIST 800-171 compliance is a requirement today.
Cybersecurity Maturity Model Certification (CMMC V2)
We are pleased to announce that the Cybersecurity Maturity Model Certification Accreditation Board (CMMC-AB) has certified LP3 as a Registered Provider Organization (RPO). LP3 is certified to provide advice, consulting, and recommendations for the Cybersecurity Maturity Model Certification to its clients. This is just the first step LP3 is investing in to be your agnostic and trusted CMMC advisor.
The CMMC-AB establishes and oversees a qualified, trained, and high-fidelity community of assessors that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the Cybersecurity Maturity Model Certification (CMMC) Program.
The CMMC Model itself is created and managed by the DoD. Official information is available at https://www.acq.osd.mil/cmmc/index.html
A leader in CMMC compliance support, LP3 offers fixed-price CMMC 2.0 assessments, which include a required System Security Plan (SSP), Plan of Action & Milestone (POA&M), and SPRS support and score to get your company to CMMC compliance in time to continue to receive DoD contract awards.
Services include all documents required for DFARS/NIST 800-171 Compliance Now!
· System Security Plans (SSP)
· Plan of Action & Milestone (POA&M): Report on gaps and remediation information
· Supplier Performance Risk System (SPRS): Registration Support & Associated Compliance Score
· Draft policies cross-referenced to associated CMMC practices
· CMMC 2.0 Remediation Roadmap customized to achieve CMMC Level 1 or Level 2 compliance over the next 2 to 6 months
Additional Support Services
In order to maintain your current compliance status, there are several CMMC/NIST 800-171 practices/controls that need to be maintained on a periodic basis. The following cost-effective services have been developed by LP3 specifically for small and medium businesses to meet these requirements:
· External Penetration and Internal Penetration Testing
· Internal Credentialed Vulnerability Scanning
· Staff Security Awareness Assessment/Training (including phishing and vishing testing)
· Virtual CISO (V-CISO) consulting services