NIST 800-171 "Easy Button" - Compliance for Small & Medium Businesses

Posted by ComplianceForge on Aug 8th 2018

ComplianceForge is pleased to announce the launch of a new product, the NIST 800-171 Compliance Program (NCP). This product is streamlined for smaller organizations that want to avoid any additional complexities associated with complying with NIST 800-171. The NCP is a "mini bundle" made up of several pared-down ComplianceForge products to specifically address NIST 800-171 compliance. 

In simple terms, the NCP gives you everything you need to comply with NIST 800-171 - cybersecurity policies, standards, procedures, a System Security Plan (SSP) and a Plan of Action & Milestones (POA&M).

The NCP is comparable to the NCC Bundle #1 that provides the NIST 800-53 based version of these products, but offers a price break of over $700!

ComplianceForge took existing documentation and pared it down for smaller organizations that do not need or want the complexity of NIST 800-53 when complying with NIST 800-171. The NCP includes the following documents as part of its own unique bundle:

  • NIST 800-171 Compliance Program - Microsoft Word document that addresses NIST 800-171 policies and standards.
  • Cybersecurity Standardized Operating Procedures (CSOP) - Microsoft Word document that contains cybersecurity procedures that correspond to the policies and standards.
  • System Security Plan (SSP) - Microsoft Word document that is a simplified version of our SSP product.
  • NIST 800-171 Cybersecurity Program Mapping - Microsoft Excel document that contains several components:
    • Plan of Action & Milestones (POA&M) template.
    • Mapping from the NCP to NIST 800-171, NIST 800-53, NIST 800-160, ISO 27002 and NIST CSF.
    • Methods to comply with NIST 800-171 (essentially a pared-down NIST 800-171 Compliance Criteria (NCC) spreadsheet).
    • Roles and responsibilities (corresponds to the Cybersecurity Standardized Operating Procedures).
  • Cybersecurity Awareness Training - Microsoft PowerPoint template to provide cybersecurity awareness training.

The NCP is designed for companies that do not need or want to use the NIST 800-53 framework to manage NIST 800-171 compliance needs. This can significantly reduce complexity for companies that need to comply with NIST 800-171.

To help visualize NIST 800-171, this graphic breaks down the basic approach to what is needed to comply with the various NIST 800-171 Controlled Unclassified Information (CUI) controls: