IntellecTechs

Cybersecurity Boutique

IntellecTechs has created a Cyber Boutique which offers various compliance and system-security-based cybersecurity services. The Cyber Boutique offers innovative and cost-effective solutions for networks, platforms, weapons systems and enterprise networks.

nist@intellectechs.com
757.962.2487

Certifications

NIST 800-171 Compliance

Highly Specialized Cyber Services Offered:

  • Digital Forensics & Malware Analysis
  • System Security Engineering (Platform, Weapons System, Satellite, One-Off)
  • Program Protection Planning (AT, PPIP, PPP)
  • Automotive Cybersecurity
  • IV&V / Test & Evaluation (OT&E, DT&E Support)
  • Software Assurance
  • Cross Domain
  • COMSEC/TRANSEC Engineering
  • Cloud Based Security
  • Cyber Incident Response
  • Cyber Intelligence Analysis

Cybersecurity Compliance Services Offered:

  • NIST (800-171, 800-53)
  • DFARS 252.204-7012 (Safeguarding Covered Defense Information & Cyber Incident Reporting)
  • CMMC (Cyber Maturity Model Certification)
  • UK Cyber Essentials Certification
  • FEDRAMP
  • Program Protection Planning

What is NIST 800-171, CMMC and the DFARS Cybersecurity Clauses?

The National Institute of Standards and Technology (NIST) published the Defense Federal Acquisition Regulation Supplement (DFARS) to establish requirements for properly handling and protecting Controlled Unclassified Information (CUI).

The primary goal of NIST 800-171 is to protect Government information and reduce the risk of security breaches that involve CUI. The publication covers:

  1. When CUI is being stored, accessed, or managed in nonfederal information systems and organizations. For example, if a government agency using a third-party application stores CUI in it, NIST 800-171 requirements apply.
  2. When a nonfederal system or organization is not collecting, maintaining, or utilizing the CUI.
  3. When the CUI category does not have any specific regulations, policies, or laws in place to protect confidentiality.

The Department of Defense is working with the Defense Industrial Base (DIB) sector to develop the Cyber Maturity Model Certification (CMMC) to ensure appropriate protections are put in place within contractor networks to protect controlled unclassified information (CUI). The CMMC will have multiple maturity levels, ranging from “Basic Cybersecurity Hygiene” to “Advanced”, which will be identified in RFP sections L & M and will be graded by the Government Procurement Authorities with a “Go/No-Go” decision. CMMC combines numerous cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and other industry best security practices and standards into one unified standard for cybersecurity. CMMC v1.0 will be finalized January 2020 and published for public release.

  1. The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
  2. The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
  3. The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
  4. The intent is for certified independent third-party organizations to conduct audits and inform risk.

The DFARS 252.204-7012 (Safeguarding Covered Defense Information & Cyber Incident Reporting) states that the Contractor shall implement NIST SP 800-171 as soon as practical, but not later than December 31, 2017. For all contracts awarded prior to October 1, 2017, the Contractor shall notify the DoD Chief Information Officer (CIO), via email at osd.dibcsia@mail.mil, within 30 days of contract award, of any security requirements specified by NIST SP 800-171 not implemented at the time of contract award. Upon contract award, the winning company is required to submit a System Security Plan (SSP) and a current Plan of Actions & Milestones (POA&M).

  1. The Contractor shall submit requests to vary from NIST SP 800-171 in writing to the Contracting Officer, for consideration by the DoD CIO. The Contractor need not implement any security requirement adjudicated by an authorized representative of the DoD CIO to be nonapplicable or to have an alternative, but equally effective, security measure that may be implemented in its place.
  2. If the DoD CIO has previously adjudicated the contractor’s requests indicating that a requirement is not applicable or that an alternative security measure is equally effective, a copy of that approval shall be provided to the Contracting Officer when requesting its recognition under this contract.
  3. If the Contractor intends to use an external cloud service provider to store, process, or transmit any covered defense information in performance of this contract, the Contractor shall require and ensure that the cloud service provider meets security requirements equivalent to those established by the Government for the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline (https://www.fedramp.gov/resources/documents/) and that the cloud service provider complies with requirements in paragraphs (c) through (g) of this clause for cyber incident reporting, malicious software, media preservation and protection, access to additional information and equipment necessary for forensic analysis, and cyber incident damage assessment.

The Cyber Incident Reporting section of the DFARS clause identifies the requirements for reporting cyber incidents to DOD within 72 hours via DIBNET http://dibnet.dod.mil. The clause identifies a cybersecurity incident as a breach of security protocols which impacts, compromises or endangers the Controlled Defense Information held on the contractor's systems and/or networks. The clause covers Supply Chain Management and the importance of implementing sound practices to protect Covered Defense Information. Cloud services are also covered, including the requirement for ensuring FEDRAMP certification to the Moderate level and compliance with the DOD Cloud Computing Security Requirements Guide (SRG).

NIST 800-171 Consultation

NIST 800-171 does not require an internal IT team for compliance. An expert DFARS consultant can assist with any part of the process.

IntellecTechs has the internal security systems and policies that are necessary for keeping CUI safe. You will not have to start from scratch when you can use existing solutions for these processes.

NIST 800-171 Requirements

The security requirements identified in NIST 800-171 comprise 14 Security Control Families. In the upcoming SP 800-171v2, enhanced security requirements will provide a more granular approach to securing contractor networks and systems from compromise. These security controls are a blend of technical implementation on servers and user operating environments, complemented by policies and procedures which outline how compliance was achieved.

There are 14 cybersecurity areas required to be compliant with NIST 800-171:

  1. Access Control
  2. Awareness and Training
  3. Auditing and Accountability
  4. Configuration Management
  5. Identification and Authentication
  6. Incident Response
  7. Media Protection
  8. Personnel Security
  9. Physical Protection
  10. Risk Assessment
  11. Security Assessment
  12. System and Communications Protection
  13. System and Information Integrity

Why IntellecTechs?

  • Cybersecurity Subject Matter Expertise
  • Responsive Management
  • We Deliver on Our Promises
  • Customer Focused
  • High Ethical Standards
  • Results Oriented

Corporate Data

  • Virginia corporation established 2008
  • DCAA-approved Accounting System
  • Top Secret Facility Clearance
  • ISO 9001-2015 Certified
  • CAGE: 5A3Y0
  • DUNS: 828850458
  • NAICS:
    • 541513 – Computer Facilities Management Services
    • 238210 – Electrical / Wiring Installation
    • 541330 – Engineering Services
    • 561110 – Office Administrative Services
    • 611430 – Professional Management Development Training

Who We Serve

  • Information Technology Support Services
  • Enterprise Information Systems
  • Cyber Security Services
  • Network Communications
  • Audio Visual Support
  • Information Technology Service Desks
  • Forensic Media
  • Mission Support
  • Learning Management System
  • Education Support Services
  • Instructor Services
  • Asset Management
  • Language Service Case Management
  • Software/Agile Development

Positive Results

Schedule a NIST Compliance consultation today by filling out the form below:

IntellecTechs makes the compliance process simple and cost-effective for your organization by conducting a Cyber Risk Assessment, identifying areas for improvement, and developing the required core artifacts and the complementary policies and procedures. Please contact us at HACK@intellectechs.com or nist@intellectechs.com to schedule an assessment!

195 South Rosemont Road
Suite 103
Virginia Beach, VA 23452
757.962.2487
844.962.2485