Description
- This is our “consultant in a box” NIST 800-171 checklist in an editable Microsoft Excel format.
- Each of the NIST 800-171 controls from Appendix D is mapped to its corresponding NIST 800-53 control.
- Each of the NIST 800-53 controls is broken down to identify:
  - Reasonably-expected criteria to address the control;
  - Applicable compliance guidance;
  - Methods to address the requirement; and
  - Status of compliance for each control, so you can use it for a self-assessment.
- The NCC also covers Appendix E Non-Federal Organization (NFO) controls.
- The NCC maps into the WISP and DSP products, so they work in concert together for helping you comply with NIST 800-171.
NIST 800-171 Compliance Criteria
We listened to our customers and created this product based on demand. We had an overwhelming number of requests from companies asking for help to become NIST 800-171 compliant. Most have told us they do not know where to start, but they know that this is a requirement they cannot run from. Both DFARS and FAR point to NIST 800-171 as the expectation for contractors to protect Controlled Unclassified Information (CUI).
Comprehensive NIST 800-171 Compliance Criteria
If you are starting off on the journey to comply with NIST 800-171, then our NIST 800-171 Compliance Criteria (NCC) solution is a cost-effective and practical option. The NCC is an affordable and versatile tool that can serve several roles:
- Guidebook to walk through each NIST 800-171 control requirement
- Tool to perform a detailed gap assessment
- Plan of Action & Milestones (POA&M)
The NCC can stand alone or be paired with other specialized products we offer to help you achieve compliance with NIST 800-171.
If you can use Microsoft Excel, then you can use the NCC to understand your requirements for compliance with NIST 800-171. There is no magic to it – it is a fully-editable Excel spreadsheet that contains exactly what a consultant will tell you:
- NIST 800-53 rev4 mapping to NIST 800-171 requirements.
- Reasonably-expected criteria to address the NIST 800-53 control.
- Applicable “best practice” guidance on what steps you need to take to be compliant.
- Self-assessment options to track where you are compliant and what needs work.
- Use it as a check-list when you walk through with your auditor.
- Edit it for your needs to mark controls that are not applicable to your business model.
What Is The NIST 800-171 Compliance Criteria (NCC)?
The NCC product is considered a “consultant in a box” product to provide consultant-level guidance on how to comply with NIST 800-171. What do you get if you buy the NIST 800-171 Compliance Criteria (NCC) product?
- The NCC is a “consultant in a box” solution that is essentially a NIST 800-171 checklist in an editable Microsoft Excel format.
- The NCC covers all controls in Appendix D of NIST 800-171.
- It also covers Appendix E Non-Federal Organization (NFO) controls, which are required by contractors.
- Each of the NIST 800-171 controls is mapped to its corresponding NIST 800-53 control.
- Each of the NIST 800-53 controls is broken down to identify:
  - Reasonably-expected criteria to address the control;
  - Applicable compliance guidance;
  - Methods to address the requirement; and
  - Status of compliance for each control, so you can use it for a self-assessment.
- The NCC maps into the Written Information Security Program (WISP) and Digital Security Program (DSP) products, so they can work in concert together to make it easier to comply with NIST 800-171 since your organization can have NIST-based policies and standards to support NIST 800-171 compliance efforts.
What Problem Does The NCC Solve?
- Lack of In-House Security Experience – Most prime and sub-contractors lack specialized expertise in NIST 800-171. Tasking your managers, IT personnel or security staff to research and write comprehensive documentation is not a wise use of their time. The NCC is an efficient method to obtain comprehensive guidance on NIST 800-171 compliance requirements. Most small contractors cannot afford tens of thousands of dollars in consultant fees to help them become compliant with NIST 800-171. The NCC is designed with affordable compliance in mind, since it focuses on clearly calling out reasonably-expected security requirements, as well as possible technology solutions, where applicable.
- Compliance Requirements – NIST 800-171 is a reality for companies in scope for DFARS and FAR. The NCC is designed with compliance in mind, since it focuses on reasonably-expected security requirements to address the NIST 800-171 controls. You can even use the NCC as a Plan of Action & Milestones (POA&M) to identify and track control deficiencies.
- Audit Failures – Without being able to demonstrate compliance with NIST 800-171, your organization will likely lose government contracts – it is as simple as that. The NCC is a tool that can jump start your organization towards being compliant with NIST 800-171 requirements.
- Vendor Requirements – It is very common for clients and partners to request evidence of a security program and this includes policies and standards. The NCC can provide this evidence!
How Does The NCC Solve It?
- Clear Documentation – The NCC is a Microsoft Excel spreadsheet, so it is editable for your needs. It provides not only guidance, but a method to track compliance. This can be helpful when filtering requirements to focus on the areas that need help.
- Time Savings – The time savings are immense compared to writing something equivalent to the NCC yourself or hiring a consultant to write it for you!
- Alignment With Leading Practices – The NCC is written to align your organization with NIST 800-53 rev4, since that is what all the NIST 800-171 Appendix D and E controls map to!