Are you really DFARS/NIST 800-171 compliant? All DoD contracts require compliance now.
DoD leadership is profoundly concerned about contractor cybersecurity and protecting DoD supply chains from cyber attack is a top priority.
DoD has stated that traditional measures of contractor performance cost, schedule and quality are insufficient to measure contractor cyber security. Limited adoption of NIST 800-171 self-certification standards prompted the DoD to seek third-party auditor verification that contractors adopt and maintain an appropriate level of cyber security.
By developing an auditable process, the Cybersecurity Maturity Model Certification (CMMC), DoD mandates measurable standards for third-party verified cyber security for all contractors.
All DoD contractors must meet CMMC standards in order to hold a DoD contract starting in FY2021.
A leader in NIST 800-171 compliance support, LP3 offers a fixed price NIST 800-171 assessment to include a System Security Plan, POA&M, and a roadmap plan to get your company to CMMC compliance in time to continue to receive DoD contract awards.
Compliance Assessment Deliverables:
- Draft System Security Plans (SSP)
- Plan of Action & Milestone (POA&M) Report on gaps and mitigations
- Draft policies cross-referenced to CMMC & NIST SP 800-171 RMF Controls
- Draft CMMC Roadmap customized to achieve CMMC L3 compliance over the next 12 months
- Executive Summary and Final Report on Compliance (ROC)
Compliance Support Services
- External Penetration and Internal Penetration Testing
- Internal Credentialed Vulnerability Scans
- Staff Security Awareness Assessment/Training (Including Phishing, Vishing, testing)
- Virtual CISO (V-CISO) consulting services on all customer inquiries/questionnaires
Continuous Monitoring (ConMon) Services
In order to maintain your current compliance status, there are several controls within the CMMC/ NIST 800-171 Framework that need to be maintained on a Periodic basis. The following cost-effective services have been developed by LP3 for small and medium businesses to meet these requirements.
These services are:
Re-assessment of Current CMMC/NIST 800-171 Controls
- Periodically assess controls in organizational systems to determine if the controls are effective. (ID: 3.12.1)
- Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. (ID: 3.12.2)
- Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. (ID: 3.12.3)
- Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. (ID: 3.12.4)
System and Information Integrity Controls
- Perform periodic scans of organizational system and real-time scans of files from external sources as files are downloaded, opened, or executed. (ID: 3.14.5)
Audit and Accountability Controls
- Provide audit reduction and report generation to support on-demand analysis and reporting Services (ID: 3.3.6)
Awareness and Training Controls
- Provide security awareness training on recognizing and reporting potential indicators of insider threat. (ID: 3.2.3)
If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.