NIST 800-171 Security Program, Operating Procedures and Compliance Criteria



 NIST 800-171 Compliance Criteria (NCC)

  • This is our “consultant in a box” NIST 800-171 checklist in an editable Microsoft Excel format.
  • Each of the NIST 800-171 controls from Appendix D is mapped to its corresponding NIST 800-53 control.
  • Each of the NIST 800-53 controls is broken down to identify:
    • Reasonably-expected criteria to address the control;
    • Applicable compliance guidance;
    • Methods to address the requirement; and
    • Status of compliance for each control, so you can use it for a self-assessment.
  • The NCC also covers Appendix E Non-Federal Organization (NFO) controls.
  • The NCC maps into the WISP and DSP products, so they work in concert to help you comply with NIST 800-171.

NIST-Based Written Information Security Program (WISP)

  • NIST 800-53 based cybersecurity policies & standards in an editable Microsoft Word format.
  • The WISP addresses the “why?” and “what?” questions in an audit, since policies and standards form the foundation for your cybersecurity program.
  • Each of the NIST 800-53 rev 4 families has a policy associated with it, for a total of 26 policies.
  • Under each policy are standards that support its policy statements. These standards equate to the moderate control set from NIST 800-53 rev 4, which is the baseline needed for NIST 800-171.

NIST Cybersecurity Standardized Operating Procedures Template (CSOP)

  • The NIST version of the CSOP is a template for procedures. It addresses the expectation that companies be able to demonstrate HOW cybersecurity controls are actually implemented.
  • This is an editable Microsoft Word document.
  • Given the difficulty of writing templated procedure statements, we aimed for approximately an “80% solution”, since it is impossible to write a 100% complete cookie-cutter procedure statement that applies equally across multiple organizations. What this means is that ComplianceForge did the heavy lifting, and you just need to fine-tune each procedure with the specifics that only you would know to make it applicable to your organization. It is largely a matter of filling in the blanks and following the guidance we provide to identify the who/what/when/where/why/how needed to make it complete.
  • The NIST CSOP is mapped to NIST 800-171, NIST 800-53, and other requirements.