ComplianceForge is pleased to announce the launch of a new product, the NIST 800-171 Compliance Program (NCP). This product is streamlined for smaller organizations that want to avoid any additional complexities associated with complying with NIST 800-171. The NCP is a "mini bundle" made up of several pared-down ComplianceForge products to specifically address NIST 800-171 compliance.
In simple terms, the NCP gives you everything you need to comply with NIST 800-171 - cybersecurity policies, standards, procedures, a System Security Plan (SSP) and a Plan of Action & Milestones (POA&M).
ComplianceForge took existing documentation and pared it down for smaller organizations that do not need or want the complexity of NIST 800-53 when complying with NIST 800-171. The NCP includes the following documents as part of its own unique bundle:
- NIST 800-171 Compliance Program - Microsoft Word document that addresses NIST 800-171 policies and standards.
- Cybersecurity Standardized Operating Procedures (CSOP) - Microsoft Word document that contains cybersecurity procedures that correspond to the policies and standards.
- System Security Plan (SSP) - Microsoft Word document that is a simplified version of our SSP product.
- NIST 800-171 Cybersecurity Program Mapping - Microsoft Excel document that contains several components:
  - Plan of Action & Milestones (POA&M) template.
  - Mapping from the NCP to NIST 800-171, NIST 800-53, NIST 800-160, ISO 27002 and NIST CSF.
  - Methods to comply with NIST 800-171 (essentially a pared-down NIST 800-171 Compliance Criteria (NCC) spreadsheet).
  - Roles and responsibilities (corresponds to the Cybersecurity Standardized Operating Procedures).
- Cybersecurity Awareness Training - Microsoft PowerPoint template to provide cybersecurity awareness training.
The NCP is designed for companies that do not need or want to use the NIST 800-53 framework to manage NIST 800-171 compliance needs. This can significantly reduce complexity for companies that need to comply with NIST 800-171.
To help visualize NIST 800-171, this graphic breaks down the basic approach to complying with the various NIST 800-171 Controlled Unclassified Information (CUI) controls: