

01 What We Do
We help organizations build cybersecurity into their day-to-day practices and comply with applicable cybersecurity regulations.
We help contractors for the federal government meet NIST SP 800-171 and DFARS 202.254-7012 requirements.
02 Why Cybersecurity Is Needed
The Internet was created for the Department of Defense (DoD) and trusted partners, such as universities and research institutions.
At the time, it was inconceivable that everybody would one day use the Internet. Therefore, access controls weren’t built into the Internet.
03 The Result
The Internet doesn’t check the identity or intent of the people using it. Anyone can use the Internet.
Cyber crime is pervasive, impacting countries, government, counties, states, businesses, cities, other organizations, educational institutions and individuals.
“Mother always told me not to talk to strangers”
Times have changed…
- The entire world is online
- It is easy to do things that are not safe when connected to the Internet
- Hackers constantly find new ways to exploit vulnerabilities on the Internet, often anonymously and from afar
- It’s hard to imagine the magnitude of the dangers

What do you have to do to be NIST SP 800-171 compliant?
1. Evaluate compliance with NIST SP 800-171 security control families
2. Perform Gap Analysis
3. Minimize scope of covered data and systems
4. Create and review System Security Plan (SSP)
5. Create and review Plan of Action and Milestones (POAM)
6. Report gaps and POAM to Buyer in accordance with contractual obligations
7. Meet requirements for prompt reporting of cyber incidents on DIBNET website
8. Flow down requirements to covered subcontractors

We Guide You Through Every Step!

Methodology
01/ Identify security roles, and scope of covered data and systems
02/ Assess staff knowledge and awareness of NIST 800-171 and organizational security requirements
03/ Analyze staff, organizational, and system strengths, weaknesses, opportunities, and threats (SWOT) to support comprehensive risk and security assessments
04/ Develop System Security Plan (SSP), Plan of Action and Milestones (POAM), and policies and procedures, as needed
05/ Plan training curriculum and covered topics
06/ Train staff according to scope of influence, role, responsibilities, policies and procedures
07/ Document evaluation and training results
08/ Evaluate staff and system performance against benchmarks


