DFARS meets NIST Compliance
The Defense Federal Acquisition Regulation Supplement (DFARS) requires defense contractors to become compliant with NIST SP 800-171 by December 31st 2017. NIST Special Publication 800-171, Protecting Unclassified Information in Nonfederal Information Systems and Organizations, defines the security controls that DFARS requires to safeguard Controlled Unclassified Information (CUI) and Covered Defense Information (CDI). DFARS requires non-federal organizations that provide services to the Department of Defense (DoD) to complete a NIST SP 800-171 assessment within 30 days of being awarded a DoD contract.
The DFARS NIST 800-171 Compliance Process
Documentation Review
Preliminary review of security documentation
Security Assessment
Assessment of NIST 800-171 requirements and security controls
Assessment Deliverables
Security assessment completion and security assessment deliverables
DFARS Security Documentation Service
We provide expert consulting services for customers who seek to develop and document a DFARS compliant security package. DASATECH offers development of the following key security documents:
FIPS 199 Security Categorization Documentation
DASATECH will categorize your system based on NIST 800-60 information types and FIPS 199
Policies and Procedures
Policies and Procedures documentation that address the requirements of NIST security controls
System Security Plan (SSP)
System Security Plan development and documentation adhering to DFARS requirements
Incident Response Plan (IRP)
IRP development and documentation
System Description
System description and network architecture documentation
Additional Security Services
Vulnerability Scanning, Penetration Testing, and Configuration Settings
Rules of Behavior (ROB)
Rules of Behavior development
Information System Contingency Plan (ISCP)
ISCP development and documentation
Configuration Management Plan (CMP)
CMP development and documentation
Privacy Threshold/Privacy Impact Assessment (PTA/PIA)
Privacy Threshold Assessment and Privacy Impact Assessment development and documentation
Continuous Monitoring (ConMon)
Continuous Monitoring Program development and management. Stay ahead of the game!
NIST 800-171 Assessment Service
Initially, DASATECH conducts a preliminary security assessment of your documentation to determine your company’s level of compliance with NIST 800-171 requirements. This documentation review gives us a clear picture of where your gaps are and what the best starting point would be. Following the documentation review, we proceed with the assessment of the NIST 800-171 requirements and provide the following deliverables after completion of the assessment project:
- Security Assessment Report (SAR).
- Plan of Action and Milestones (POA&M) with remediation recommendations for non-compliant security controls and vulnerability scan findings.