DFARS meets NIST Compliance

The Defense Federal Acquisition Regulation Supplement (DFARS) requires defense contractors to be compliant with NIST SP 800-171 by December 31, 2017. NIST Special Publication 800-171, Protecting Unclassified Information in Nonfederal Information Systems and Organizations, defines the security controls DFARS requires to safeguard Controlled Unclassified Information (CUI) and Covered Defense Information (CDI). DFARS requires non-federal organizations that provide services to the Department of Defense (DoD) to complete a NIST SP 800-171 assessment within 30 days of being awarded a DoD contract.

DASATECH draws on extensive experience with FedRAMP and FISMA requirements to help your organization achieve DFARS compliance, either by building and documenting your security package or by performing a security assessment of your organization’s information system.

The DFARS NIST 800-171 Compliance Process

Documentation Review

Preliminary review of security documentation

Security Assessment

Assessment of NIST 800-171 requirements and security controls

Assessment Deliverables

Security assessment completion and security assessment deliverables

DFARS Security Documentation Service

We provide expert consulting services for customers who seek to develop and document a DFARS-compliant security package. DASATECH offers development of the following key security documents:

FIPS 199 Security Categorization Documentation

DASATECH will categorize your system based on NIST 800-60 information types and FIPS 199

Policies and Procedures

Policies and procedures documentation that addresses the requirements of the NIST security controls

System Security Plan (SSP)

System Security Plan development and documentation adhering to DFARS requirements

Incident Response Plan (IRP)

IRP development and documentation

System Description

System description and network architecture documentation

Additional Security Services

Vulnerability Scanning, Penetration Testing, and Configuration Settings

Rules of Behavior (ROB)

Rules of Behavior development

Information System Contingency Plan (ISCP)

ISCP development and documentation

Configuration Management Plan (CMP)

CMP development and documentation

Privacy Threshold/Privacy Impact Assessment (PTA/PIA)

Privacy threshold and privacy impact assessment and documentation

Continuous Monitoring (ConMon)

Continuous Monitoring Program development and management. Stay ahead of the game!

NIST 800-171 Assessment Service

Initially, DASATECH conducts a preliminary security assessment of your documentation to determine your company’s level of compliance with NIST 800-171 requirements. This documentation review gives us a clear picture of where your gaps are and what the best starting point would be. Following the documentation review, we proceed with the assessment of the NIST 800-171 requirements and provide the following deliverables after completion of the assessment project:

  • Security Assessment Report (SAR).
  • Plan of Action and Milestones (POA&M) with remediation recommendations for non-compliant security controls and vulnerability scan findings.