CMMC / DFARS NIST 800-171 Compliance Services

Are you really DFARS 252.204.7012/NIST 800-171 compliant now?  

Are you getting ready for CMMC?

Do you have a roadmap to transition from DFARS/NIST 800-171 to CMMC?

The Clock is Ticking. Will you be able to keep your existing DoD contracts or be able to bid or sub on New DoD contracts? 

• All DoD contracts will require CMMC compliance and third-party certification in FY2021.

• DoD contractors must meet CMMC standards to hold selected DoD contracts starting in Summer 2020.

DoD leadership is profoundly concerned about contractor cybersecurity and protecting DoD supply chains from cyber attack is a top priority.

DoD stated that traditional measures of contractor performance cost, schedule and quality are insufficient to measure contractor cyber security.  Limited adoption of NIST 800-171 self-certification standards prompted the DoD to seek third-party auditor verification that contractors adopt and maintain an appropriate level of cyber security.

By developing an auditable process, the Cybersecurity Maturity Model Certification (CMMC), DoD mandates measurable standards for third-party verified cyber security for all contractors.

See latest update on CMMC on our Blog page.

NIST 800-171 Compliance and CMMC Assessment Services:

A leader in NIST 800-171 compliance support, LP3 offers a fixed price NIST 800-171 assessment to include a System Security Plan, POA&M, and a roadmap plan to get your company to CMMC compliance in time to continue to receive DoD contract awards.

Services include all documents required for DFARS/NIST 800-171 Compliance Now!

• Draft System Security Plans (SSP)
• Plan of Action & Milestone (POA&M) Report on gaps and mitigations
• Draft policies cross-referenced to CMMC & NIST SP 800-171 RMF Controls
• Executive Summary and Final Report on Compliance (ROC)
• Also includes a Draft CMMC Roadmap customized to achieve CMMC L3 compliance over the next 12 month!

Additional Compliance Support Services

In order to maintain your current compliance status, there are several  CMMC/NIST 800-171 practices/controls that need to be maintained on a periodic basis.  The following cost-effective services have been developed by LP3 specifically for small and medium businesses to meet these requirements:

• – External Penetration and Internal Penetration Testing
• – Internal Credentialed Vulnerability Scanning
• – Staff Security Awareness Assessment/Training (Including Phishing, Vishing, testing)
• – Virtual CISO (V-CISO) consulting services

List of CMMC/NIST 800-171 Practices/Controls References Supported by LP3 Services:

Security Assessment (CA) Practices

• Periodically assess controls in organizational systems to determine if the controls are effective.   (ID: 3.12.1, CA.2.158 )
• Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.   (ID: 3.12.2, CA.3.159)
• Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. (ID: 3.12.3, CA.3.161 )
• Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.  (ID: 3.12.4, CA.2.157)

System & Information Integrity (SI) Practices

• Perform periodic scans of organizational system and real-time scans of files from external sources as files are downloaded, opened, or executed.  (ID: 3.14.5, SI.1.213)

Audit & Accountability (AU) Practices

• Provide audit reduction and report generation to support on-demand analysis and reporting Services (ID: 3.3.6, AU.3.052)

Awareness & Training (AT) Practices

• Provide security awareness training on recognizing and reporting potential indicators of insider threat.  (ID: 3.2.3, AT.3.058)

Contact LP3. We will be glad to help you make an informed decision on cyber security for your organization.