DoD contractors have until December 31, 2017 to fully implement the NIST 800-171 (DFARS) controls.
We can help you get there in 60 days.

Does NIST 800-171 apply to my organization?

If your organization is a Federal Government contractor including DoD or has business with the Federal Government Department of Defense, YES, NIST 800-171 applies to your organization.  Department of Defense contractors must comply with DFAR 252.204-7012 ‘Safeguarding Covered Defense Information and Cyber Incident Reporting’ requirements in addition to NIST 800-171.

DoD contractors have until December 31, 2017 to fully implement the NIST 800-171 controls.

What is NIST 800-171?

NIST 800-171 is for “non-federal entities”, such as contractors, institution of higher learning such as Universities, Research Institutes and any other entity that receives federal funds/grants or stores/process/transmit federal data.  NIST 800-171 are new security requirements that contractors should already have in place.  It provides standardized and uniform sets of requirements for all CUI (Controlled Unclassified Information) security needs that are used by non-federal systems.  The goal of NIST 800-171 is to address deficiencies in the management and protection of unclassified information.  Documentation and evidence as to how you are protecting CUI is required to show compliance.

NIST 800-171 Controls

Access Control Incident Response Risk Assessment
Awareness and Training  Maintenance Security Assessment
Audit and Accountability Media Protection System and Communications Protection
Configuration Management Personnel Security
Identification and Authentication Physical Protection


How can XentIT help your organization become NIST 800-171 compliant?

  • Create an incident response plan (IRP) to meet DFAR 252.204-7012 which includes the DoD 72-Hour Reporting for Cyber Incidents and Compromises & NIST 800-171
  • Create a system security plan (SSP) and keep it updated as security posture changes
  • Develop security policies and procedures
  • Maintain an architecture diagram and component inventory
  • Install, configure, and manage security related devices and software, such as Anti-Malware, Endpoint Encryption (Laptops and Desktops), Mobile Device Management, etc.
  • Log Storage and Management
  • Daily Log Analysis as part of continuous monitoring and mitigation support using industry leading SIEM.
  • Firewall management
  • SSL VPN Management support
  • Vulnerability Scanning and Patch Management (Quarterly and ad hoc when a new vulnerability advisory is issued)