Tailored for defense contractors needing rapid changes to implement and certify for NIST 800-171
Cybersecurity strategy development, management, and implementation
We develop all the documents, policies, and procedures and help your team implement them.
DFIR (Digital Forensics and Incident Response) – for insider and external threats
Physical and network asset security configuration and monitoring
Cybersecurity program planning and development
Cybersecurity risk management
Regulatory compliance support and monitoring
Raising team awareness of information security
Ask questions.
During the assessment, we will ask a lot of questions for our information-gathering phase.
Let your team ask the auditor questions in turn – and they better take notes!
We go the extra mile when discussing security controls.
“Do you have 2FA?” – most auditors expect a yes or no answer, mark it, and move on.
Not us!
We care if the 2FA you have in place is bypassable, and if so, we will suggest several more secure methods right there and then during the assessment.
Hacking attacks are like storms – we all experience them from time to time.
This makes all the difference to the kind of impact a security breach could have on your business.
SaaS companies, software development companies, financial startups, and family offices – any organization can improve its business in many ways by integrating solid security principles at every level. You can see our SaaS Virtual CISO offering in AWS’s marketplace.
NIST 800-171 is a set of standards developed by the National Institute of Standards and Technology (NIST) in the United States. It provides guidelines for the protection of Controlled Unclassified Information (CUI) in non-federal systems and organizations.
CUI is information that requires safeguarding or dissemination controls pursuant to federal laws, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
Complying with NIST 800-171 is crucial for organizations that work with the U.S. federal government and handle, process, or have access to CUI. Non-compliance could lead to loss of federal contracts and legal implications.
NIST 800-171 covers 14 areas including access control, awareness and training, audit and accountability, configuration management, identification and authentication, incident response, maintenance, media protection, personnel security, physical protection, risk assessment, security assessment, system and communication protection, and system and information integrity.
A NIST 800-171 security assessment is a systematic review of an organization’s adherence to the standards set by NIST 800-171. It involves evaluating existing policies, procedures, and systems to identify areas of non-compliance and potential risk.
A third-party security consulting company, independent of the organization being assessed, typically conducts the NIST 800-171 security assessment. The team conducting the assessment will have expertise in NIST guidelines and cybersecurity.
The frequency of assessments can depend on various factors such as changes in organizational operations, technology, or the environment, and the results of continuous monitoring activities. However, it’s generally recommended to conduct a security assessment at least annually.
If issues are found during an assessment, the security consulting company will work with the organization to develop a Plan of Action & Milestones (POAM) to address these issues. The POAM outlines necessary actions, resources required, and timelines for remediation.
A NIST 800-171 security assessment helps organizations identify and mitigate cybersecurity risks, protect valuable information, comply with federal requirements, and potentially avoid costly data breaches. It also demonstrates to partners and customers that the organization is committed to security.
Preparing for a NIST 800-171 assessment involves reviewing the NIST 800-171 requirements, conducting a self-assessment of the current security controls, identifying gaps, and making necessary changes. It’s often beneficial to work with a security consulting company for guidance through this process.