Department Federal Acquisition Regulations Supplement (DFARS) clause 252.204-7012 / NIST 800-171 compliance requirements are needed to bid on DoD contracts.  LP3 is helping numerous small and medium sized businesses comply with the mandatory DFARS NIST 800-171 requirements for multiple industries.

We tailor our support to your needs with service plans targeted for small to medium size businesses and their budgets.  We execute quickly and efficiently with repeatable proven processes and documentation templates to keep costs down.  Our staff have been performing Compliance Assessment in the DoD Intelligence and Commercial industry for the past 18 years.  LP3 can provide the cyber security services you need to be NIST 800-171 compliant

DFARS/NIST 800-171 Compliance Assessment Deliverables:

• Assessment of Risk Management Framework (RMF) Regulatory Controls.
• Draft policies cross-referenced to NIST SP 800-171 RMF Controls
• Draft System Security Plans (SSP)
• External Penetration and Internal Resource Scans
• Uncover exposed risk areas for possible exploitation
• Internal system scan for internal vulnerabilities
• Executive Summary and Final Report on Compliance (ROC)
• Plan of Action & Milestone (POA&M) Report on gaps and mitigations
• CISO and V-CISO consulting services on all customer inquiries/questionnaires

Required Ongoing Assessment  Services

Risk Management Framework (RMF) Controls

• Periodically assess controls in organizational systems to determine if the controls are effective.   (ID: 3.12.1)
• Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.   (ID: 3.12.2)
• Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. (ID: 3.12.3)
• Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.  (ID: 3.12.4)

System and Information Integrity Controls

• Perform periodic scans of organizational system and real-time scans of files from external sources as files are downloaded, opened, or executed.  (ID: 3.14.5)

Audit and Accountability Controls

• Provide audit reduction and report generation to support on-demand analysis and reporting Services (ID: 3.3.6)

Awareness and Training Controls

• Provide security awareness training on recognizing and reporting potential indicators of insider threat.  (ID: 3.2.3)

If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.