Doing business with the US Department of Defense requires small businesses to protect Controlled Unclassified Information (CUI) through NIST 800-171 compliance and eventually to obtain Cybersecurity Maturity Model Certification (CMMC).
Government contractors who fail to protect the confidentiality, integrity, and availability of CUI according to NIST 800-171 standards will fail their CMMC assessment and risk the loss of existing contracts or the ability to remain competitive on future contract bids.
What are the NIST 800-171 Requirements?
The National Institute of Standards and Technology (NIST) developed a Special Publication that lists safeguards for protecting controlled unclassified information (CUI). These NIST 800-171 requirements for government contractors are broken down into 14 compliance families which contain 110 individual requirement statements (controls) and translate into over 300 assessment objectives.
If your organization currently executes a DoD contract, plans to bid on DoD contracts in the future, or is part of a DoD subcontract/vendor team, you need to start now to align the technical, managerial, and operational facets of your information system to the NIST 800-171 standard.
Check out our NIST 800-171 Compliance Checklist
NIST 800-171 families
- Access Control
- Awareness and Training
- Auditing and Accountability
- Configuration Management
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System and Communication Protection
- System and Information Integrity
NIST 800-171/CMMC Solutions for DoD Contractors
As a small business DoD contractor, Totem has spent the last decade understanding and implementing requirements such as these. Now we want to help other small businesses become NIST 800-171 compliant and pass a CMMC assessment.
Our NIST 800-171/CMMC online workshop as well as our cybersecurity assessment and compliance tools will help guide your organization toward success.
NIST 800-171/CMMC Online Workshops
Our virtual classes are led by Totem’s team of seasoned cybersecurity experts, who themselves work for a small business prime DoD contractor. These classes set the participant off on the right foot to develop an Information Technology System Security Plan (SSP) commensurate with current DFARS 252.204-7012 requirements (that require implementing the NIST 800-171 controls) and future CMMC assessment processes. Participants will also learn how to comply with the incident response and reporting requirements for DoD contractors.
NIST 800-171/CMMC Gap Assessments
The Totem team conducts Security Gap Assessments on small business DoD contractors’ organizations. We measure these assessment results against the NIST 800-171 and CMMC requirements and help develop custom policies that fit your organization’s needs. We’ll also provide a compliant System Security Plan and a road map (Plan of Action and Milestones – POA&M) for the technical implementations that need to be completed.
NIST 800-171/CMMC Compliance Management Software
Totem™ Cybersecurity Compliance Management Tool helps you stay organized with a full array of documentation, templates, and status reports to provide evidence of your organization’s cybersecurity compliance. Totem™ is set up to manage your compliance needs based upon the NIST 800-171 or CMMC requirements and creates policies and procedures tailored to your organization and required level of compliance.
Other Cybersecurity Consulting Services
If you’re required to implement the NIST 800-171 or CMMC security controls, Totem offers a full range of cybersecurity consulting services and solutions to help you achieve DFARS compliance. Contact Us to discuss options to achieve your cybersecurity compliance goals.