Description

In simple terms, the NCP gives you everything you need to comply with NIST 800-171 –  cybersecurity policies, standards, procedures, a System Security Plan (SSP) and a Plan of Action & Milestones (POA&M).

Affordable NIST 800-171 Compliance Documentation

The NCP is comparable to the NIST 800-171 Compliance Bundle #1 that provides the NIST 800-53 based version of these products, but offers a price break of over $700!

ComplianceForge took existing documentation and pared it down for smaller organizations that do not need or want the complexity of NIST 800-53 when complying with NIST 800-171. The NCP includes the following documents as part of its own unique bundle:

• NIST 800-171 Compliance Program – Microsoft Word document that addresses NIST 800-171 policies and standards.
• Cybersecurity Standardized Operating Procedures (CSOP) – Microsoft Word document that contains cybersecurity procedures that correspond to the policies and standards.
• System Security Plan (SSP) – Microsoft Word document that is a simplified version of our SSP product.
• NIST 800-171 Cybersecurity Program Mapping – Microsoft Excel document that contains several components:
  • Plan of Action & Milestones (POA&M) template.
  • Mapping from the NCP to NIST 800-171, NIST 800-53, NIST 800-160, ISO 27002 and NIST CSF.
  • Methods to comply with NIST 800-171 (essentially a pared down NIST 800-171 Compliance Criteria (NCC) spreadsheet)
  • Roles and responsibilities (corresponds to the Cybersecurity Standardized Operating Procedures)
• Cybersecurity Awareness Training – Microsoft PowerPoint template to provide cybersecurity awareness training.

The NCP is designed for companies that do not need or want to use the NIST 800-53 framework to manage NIST 800-171 compliance needs. This can significantly reduce complexity for companies that need to comply with NIST 800-171.

What Problem Does The NCP Solve?

• Lack of In House Security Experience – Most smaller contractors lack expertise in NIST 800-171. Tasking your managers, IT personnel or security staff to research and write comprehensive documentation is not a wise use of their time. The NCP is an efficient method to obtain comprehensive compliance documentation that can be implemented by either your in-house staff or outsourced IT vendor. Most small contractors cannot afford tens of thousands of dollars in consultant fees to help become compliant with NIST 800-171, so the NCP is designed with affordable compliance in mind to give your business the NIST 800-171 compliance documentation it needs.
• Compliance Requirements – NIST 800-171 is a reality for companies in scope for DFARS and FAR. The NCP is designed with compliance in mind, since it focuses on reasonably-expected security requirements to address the NIST 800-171 controls. The documentation contained in the NCP gives you everything you need to comply with NIST 800-171 from policies to standards to procedures to templates for your System Security Plan (SSP) and Plan of Action & Milestones (POA&M).
• Audit Failures – Without being able to demonstrate compliance with NIST 800-171, your organization will likely lose government contracts – it is as simple as that. The NCP is a tool that can jump start your organization towards being compliant with NIST 800-171 requirements.
• Vendor Requirements – It is very common for clients and partners to request evidence of a security program and this includes policies and standards. The NCP can provide this evidence!

How Does The NCP Solve It?

• Clear Documentation – The NCP comes in editable Microsoft Office format (e.g., Word, Excel and PowerPoint), so it is customizable for your needs.
• Time Savings – The time savings are immense, as compared to writing something equivalent of the NCP yourself or hiring a consultant to write it for you!
• Alignment With Leading Practices – The NCP has direct mapping to several leading cybersecurity frameworks, including:
  • NIST 800-53
  • ISO 27002
  • NIST Cybersecurity Framework (CSF)
  • NIST 800-160
  • Secure Controls Framework (SCF)