NIST Compliance: The Elephant in the Room

By now, nearly every CTO / IT Manager for a US Government contracting company knows that they need to comply with NIST 800-171 as part of the government contracting process.

For many months now, it’s been the ever-growing ‘elephant in the room’.

The good news is that starting the documentation process is easier, faster and cheaper than you may think.

Yes, there are 110 specific NIST 800-171 requirements, each of which may require 4-10 actions to satisfy and pass a cyber audit. And yes, some aspects may require a cybersecurity expert to help you choose and configure the best solution for your 800-171 compliance needs. But the first step is simple: perform a gap assessment between your system and the NIST 800-171 standards.

The NIST 800-171 Documentation from CyberConfirm is a great way to get started.

But you may have heard that the DoD CMMC (Cybersecurity Maturity Model Certification) is coming soon. So should you wait?

The clear answer is NO. Get compliant with NIST 800-171 via your SSP & POAM now.

While we’ve been reviewing and providing feedback on the CMMC framework, the final version of formal release 1.0 is scheduled for the beginning of 2020. After that (barring later revisions), there will be RFPs to set up the organizational structure for companies to manage the certification entities, then that selection process, contract award, potential challenges, final award, setup of infrastructure, certification of initial CMMC-reviewing entities, etc., all before any review or certification of your infrastructure is possible.

Meanwhile, the ‘elephant in the room’ is that your company is still liable, still at risk, and still needs to strengthen and improve its cybersecurity to comply with NIST 800-171.

Furthermore, NIST 800-171 will be part of CMMC. So while the end-specific requirements for CMMC may change from what’s included in NIST 800-171, CyberConfirm helps you to get your SSP and POAM in place now. That way, regardless of what happens in 9-15 months, you can start your cybersecurity compliance and begin 2020 with a clean slate of SSP+POAM-certified compliance.

Why risk an audit by your Contracting Officer that could result in your losing contracts and even criminal liability?

For guidance on the fastest and most cost-effective way for you to build your compliant SSP and POAM, the NIST 800-171 compliance package is available for only $395. Plus, it includes a year’s worth of updates as NIST guidance changes.

Don’t risk the consequences from that elephant…