How Does CMMC Affect 171 Documentation?
CyberConfirm is already preparing for CMMC, and we built our NIST 800-171 software to roll right into it.
The NIST 800-171 documentation requirements will change to Cybersecurity Maturity Model Certification (CMMC) over time. CyberConfirm software was built to be future-proof, so no effort is wasted. Export the answers from any previously completed 171 documentation. Import that data into the newly updated CMMC version of each document once it is released. Then edit any answers where your system settings have changed, answer the new questions required by the update, save and print.
CyberConfirm will cover CMMC Levels 1-5 with guidance that is pre-aligned to meet the auditing standards of the DoD. With these easy-to-implement updates, CyberConfirm is NIST-compliant today and CMMC-compliant in the future.
Will This Software Create an SSP and POA&M?
Yes! This software is built to follow the complete set of NIST 800-171 Requirements. The resulting SSP (Systems Security Plan) and POA&M (Plan of Actions and Milestones) produced by the software outline all of the steps and controls of those Requirements.
Does the Documentation Comply with DFARS?
Yes. Our NIST SP 800-171 guided-response package provides a summary of compliance status in response to the Defense Federal Acquisition Regulation Supplement (DFARS) clause 202.254-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting.”
DFARS Safeguarding rules and clauses are drafted for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. These rules provide a set of security controls for contractor information systems upon which this information resides.
The controls are based on the information security guidance in NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.”
What Companies Must Be NIST Compliant?
All Department of Defense (DoD) contractors and sub-contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards or risk losing their DoD contracts.
These security controls, as outlined in NIST SP 800-171, must be implemented at both the contractor and sub-contractor level for any company that supplies the DoD.
What are the System Requirements for CyberConfirm Software?
To create the CyberConfirm documentation, an up-to-date version of Adobe Reader (FREE!) or Acrobat Pro must be installed on that device.
With PDF, nearly any device using the most common operating systems (Windows, MacOS, Linux) can be used to create the CyberConfirm compliance documentation.
Download the CyberConfirm .zip file after purchase, then open each of the CyberConfirm Requirement PDFs using Adobe Reader or Acrobat. Read the instructions provided then answer all of the questions asked within each PDF. Print when finished.
Will Implementing NIST Requirements Prevent a Hack?
No network configuration can guarantee cybersecurity or protection from hacking.
The goal of this CyberConfirm compliance software is to support and guide you to NIST 800-171 compliance. But even if your network is fully compliant, hackers never stop trying. And sometimes they can still succeed, regardless of current best practices.
If you would like to work with a local cybersecurity expert to better defend your network, see our Cybersecurity Professionals index to search for an independent contractor in your area.
Will the Software Outline the Cybersecurity System Changes I Should Make?
The software outlines the best practices as published and recommended by NIST. It helps the user to create the documentation related to NIST compliance.
As a part of the overviews built into the Q&A, the software discusses each Requirement topic in detail. But the software does not make specific system recommendations, as there is no analysis of existing controls.
Thus, the user must decide what changes or practices/policies to implement using the information provided in the software along with outside reading and research.
Why Not Simply Use Info from the NIST Website as Documentation?
If you feel you have the knowledge and experience to create a workable, complete compliance document from scratch using only the information found on the NIST website, you might consider that option.
But the NIST website provides neither the language nor the details of what must be stated, or how it must be stated, to show compliance.
Using the software from CyberConfirm is a far simpler option. The software is inexpensive, too. Plus the resulting documentation is far more likely to be accepted by the DoD.
The CyberConfirm software adds the value of language and logic from a U.S. Government-accredited cybersecurity auditor. Who better to draft a compliance document that is acceptable to an auditor than another auditor?
Through a simple Q&A process, the software guides you through options and actions that can or must be taken as part of NIST 800-171 compliance.
If you are not keenly aware of what those options and actions are, it will be difficult to create a compliance document using only the NIST website. And the software is far, far less expensive than hiring a cybersecurity expert to draft such a document for your company from scratch.
Can I Print the SSP and POA&M as a PDF?
You can print the CyberConfirm compliance document pages to paper, or as a PDF file if you have the commercial version of Adobe Acrobat.
CyberConfirm’s PDFs are data-locked by design, both for proper form functionality and to secure our product’s content.
‘Print to PDF’ is a function exclusive to Adobe Acrobat, that company’s commercial PDF creator.
‘Print to PDF’ is not a function of the free Reader.
CutePDF and other software available online is built as a work-around to Adobe’s products. These work-arounds do not always allow for ‘Print to PDF’ on data-locked files.
For access to ‘Print to PDF’ functionality, we suggest using Adobe Acrobat.
The standard version of CyberConfirm™ is licensed for a single end-user of the documentation software. For software licensed for a consultant or managed service provider on behalf of multiple clients, see the CyberConsultant PRO Package.