NIST 800-171 Security Program, Operating Procedures, Compliance Criteria with Incident Response Program



 NIST 800-171 Compliance Criteria (NCC)

  • This is our “consultant in a box” NIST 800-171 checklist in an editable Microsoft Excel format.
  • Each of the NIST 800-171 controls from Appendix D is mapped to its corresponding NIST 800-53 control.
  • Each of the NIST 800-53 controls are broken down to identify:
    • Reasonably-expected criteria to address the control.
    • Applicable compliance guidance;
    • Methods to address the requirement; and
    • Status of compliance for each control so you can use it for a self-assessment.
  • The NCC also covers Appendix E Non-Federal Organization (NFO) controls.
  • The NCC maps into the WISP and DSP products, so they work in concert together for helping you comply with NIST 800-171.

NIST-Based Written Information Security Program

  • NIST 800-53 based cybersecurity policies & standards in an editable Microsoft Word format.
  • The WISP addresses the “why?” and “what?” questions in an audit, since policies and standards form the foundation for your cybersecurity program.
  • Each of the NIST 800-53 rev4 families has a policy associated with it, so there is a total of 26 policies.
  • Under each of the policies are standards that support those policy statements. These standards equate to the moderate control set from NIST 800-53 rev 4, which is needed for NIST 800-171.

NIST Cybersecurity Standardized Operating Procedures Template (CSOP)

  • The NIST version of the CSOP is a template for procedures. This is an expectation that companies have to demonstrate HOW cybersecurity controls are actually implemented.
  • This is an editable Microsoft Word document.
  • Given the difficult nature of writing templated procedure statements, we aimed for approximately a “80% solution” since it is impossible write a 100% complete cookie cutter procedure statement that can be equally applied across multiple organizations. What this means is ComplianceForge did the heavy lifting and you just need to fine-tune the procedure with the specifics that only you would know to make it applicable to your organization. It is pretty much filling in the blanks and following the helpful guidance that we provide to identify the who/what/when/where/why/how to make it complete.
  • The NIST CSOP is mapped to NIST 800-171, NIST 800-53, and other requirements.

Cybersecurity Incident Response Program (CIRP)

Most companies have requirements to document its incident response processes, but they lack the knowledge and experience to undertake such documentation efforts. That means businesses are faced to either outsource the work to expensive consultants or they ignore the requirement and hope they do not get in trouble for being non-compliant with a compliance requirement. In either situation, it is not a good place to be. The good news is that developed a viable incident response program that is based on NIST 800-61 guidance, which is the “gold standard” for incident response frameworks. This document is capable of scaling for any sized company. Regardless of your industry, there are generally statutory, regulatory or contractual requirements to manage cybersecurity vulnerabilities and failing to manage these risks could leave your company liable from non-compliance.

  • The CIRP addresses the “how?” questions for how your company manages cybersecurity incidents.
  • This is primarily an editable Microsoft Word document, but it comes with Microsoft Excel and Microsoft Visio templates.
  • In summary, this addresses fundamental needs when it comes to incident response requirements:
  • Defines the hierarchical approach to handling incidents.
  • Categorizes eleven different types of incidents and four different classifications of incident severity.
  • Defines the phases of incident response operations, including deliverables expected for each phase.
  • Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
  • Defines the scientific method approach to incident response operations.
  • Provides guidance on how to write up incident reports (e.g., lessons learned).
  • Provides guidance on forensics evidence acquisition.
  • Identifies and defines Indicators of Compromise (IoC).
  • Identifies and defines sources of evidence.
  • The CIRP contains “tabletop exercise” scenarios, based on the categories of incidents.
  • This helps provide evidence of due care in how your company handles cybersecurity incidents.
  • The CIRP is based on leading frameworks, such as NIST 800-37, NIST 800-39, ISO 31010 and COSO 2013.