In simple terms, the NCP gives you everything you need to comply with NIST 800-171 – cybersecurity policies, standards, procedures, a System Security Plan (SSP) and a Plan of Action & Milestones (POA&M).
Affordable NIST 800-171 Compliance Documentation
The NCP is comparable to the NIST 800-171 Compliance Bundle #1 that provides the NIST 800-53 based version of these products, but offers a price break of over $700!
ComplianceForge took existing documentation and pared it down for smaller organizations that do not need or want the complexity of NIST 800-53 when complying with NIST 800-171. The NCP includes the following documents as part of its own unique bundle:
- NIST 800-171 Compliance Program – Microsoft Word document that addresses NIST 800-171 policies and standards.
- Cybersecurity Standardized Operating Procedures (CSOP) – Microsoft Word document that contains cybersecurity procedures that correspond to the policies and standards.
- System Security Plan (SSP) – Microsoft Word document that is a simplified version of our SSP product.
- NIST 800-171 Cybersecurity Program Mapping – Microsoft Excel document that contains several components:
- Plan of Action & Milestones (POA&M) template.
- Mapping from the NCP to NIST 800-171, NIST 800-53, NIST 800-160, ISO 27002 and NIST CSF.
- Methods to comply with NIST 800-171 (essentially a pared down NIST 800-171 Compliance Criteria (NCC) spreadsheet)
- Roles and responsibilities (corresponds to the Cybersecurity Standardized Operating Procedures)
- Cybersecurity Awareness Training – Microsoft PowerPoint template to provide cybersecurity awareness training.
The NCP is designed for companies that do not need or want to use the NIST 800-53 framework to manage NIST 800-171 compliance needs. This can significantly reduce complexity for companies that need to comply with NIST 800-171.
What Problem Does The NCP Solve?
- Lack of In House Security Experience – Most smaller contractors lack expertise in NIST 800-171. Tasking your managers, IT personnel or security staff to research and write comprehensive documentation is not a wise use of their time. The NCP is an efficient method to obtain comprehensive compliance documentation that can be implemented by either your in-house staff or outsourced IT vendor. Most small contractors cannot afford tens of thousands of dollars in consultant fees to help become compliant with NIST 800-171, so the NCP is designed with affordable compliance in mind to give your business the NIST 800-171 compliance documentation it needs.
- Compliance Requirements – NIST 800-171 is a reality for companies in scope for DFARS and FAR. The NCP is designed with compliance in mind, since it focuses on reasonably-expected security requirements to address the NIST 800-171 controls. The documentation contained in the NCP gives you everything you need to comply with NIST 800-171 from policies to standards to procedures to templates for your System Security Plan (SSP) and Plan of Action & Milestones (POA&M).
- Audit Failures – Without being able to demonstrate compliance with NIST 800-171, your organization will likely lose government contracts – it is as simple as that. The NCP is a tool that can jump start your organization towards being compliant with NIST 800-171 requirements.
- Vendor Requirements – It is very common for clients and partners to request evidence of a security program and this includes policies and standards. The NCP can provide this evidence!
How Does The NCP Solve It?
- Clear Documentation – The NCP comes in editable Microsoft Office format (e.g., Word, Excel and PowerPoint), so it is customizable for your needs.
- Time Savings – The time savings are immense, as compared to writing something equivalent of the NCP yourself or hiring a consultant to write it for you!
- Alignment With Leading Practices – The NCP has direct mapping to several leading cybersecurity frameworks, including:
- NIST 800-53
- ISO 27002
- NIST Cybersecurity Framework (CSF)
- NIST 800-160
- Secure Controls Framework (SCF)