Department Federal Acquisition Regulations Supplement (DFARS) clause 252.204-7012 / NIST 800-171 compliance requirements are needed to bid on DoD contracts.  Starting in July of 2020, the DoD will start Auditing companies for compliance to up to 5 different Cybersecurity Maturity Model Certification (CMMC) Levels.  LP3 is helping numerous small and medium sized businesses comply with these mandatory compliance requirements in multiple industries.

We tailor our support to your needs with service plans targeted for small to medium size businesses and their budgets.  We execute quickly and efficiently with repeatable proven processes and documentation templates to keep costs down.  Our staff have been performing Compliance Assessment in the DoD Intelligence and Commercial industry for the past 20 years.  LP3 can provide the cyber security services you need to be DFARS compliant and keep those DoD contracts coming in!

DFARS/NIST 800-171/CMMC Compliance Assessment Deliverables:

• Assessment of Risk Management Framework (RMF) Regulatory Controls.
• Draft policies cross-referenced to NIST SP 800-171 RMF Controls
• Draft System Security Plans (SSP)
• External Penetration and Internal Resource Scans
• Uncover exposed risk areas for possible exploitation
• Internal system scan for internal vulnerabilities
• Executive Summary and Final Report on Compliance (ROC)
• Plan of Action & Milestone (POA&M) Report on gaps and mitigations
• CISO and V-CISO consulting services on all customer inquiries/questionnaires

Ongoing Compliance Services

In order to maintain you current compliance status, there are a number of controls within NIST SP 800171 that need to be maintained on a yearly basis.  The following services have been developed by LP3 to meet these requirements that are very cost affective for small and medium businesses. These services are:

Risk Management Framework (RMF) Controls

• Periodically assess controls in organizational systems to determine if the controls are effective.   (ID: 3.12.1)
• Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.   (ID: 3.12.2)
• Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. (ID: 3.12.3)
• Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.  (ID: 3.12.4)

System and Information Integrity Controls

• Perform periodic scans of organizational system and real-time scans of files from external sources as files are downloaded, opened, or executed.  (ID: 3.14.5)

Audit and Accountability Controls

• Provide audit reduction and report generation to support on-demand analysis and reporting Services (ID: 3.3.6)

Awareness and Training Controls

• Provide security awareness training on recognizing and reporting potential indicators of insider threat.  (ID: 3.2.3)

If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.