NIST 800-171 Compliance Bundle #1 (20% Discount)
This bundle is basically the same as NIST 800-171 Compliance Bundle #3, but is tailored for small and medium businesses that do not want the added complexity of NIST 800-53 alignment.
Cost Savings Estimate - NIST 800-171 Bundle #1
When you look at the costs associated with either (1) hiring an external consultant to write cybersecurity documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing this bundle from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:
- For your internal staff to generate comparable documentation, it would take them an estimated 920 internal staff work hours, which equates to a cost of approximately $69,000 in staff-related expenses. This is about 9-12 months of development time where your staff would be diverted from other work.
- If you hire a consultant to generate this documentation, it would take them an estimated 520 contractor work hours, which equates to a cost of approximately $156,000. This is about 4-8 months of development time for a contractor to provide you with the deliverable.
- This bundle is approximately 3% of the cost for a consultant or 7% of the cost of your internal staff to generate equivalent documentation.
- We process most orders the same business day so you can potentially start working with the documentation the same day you place your order.
Products Included in NIST 800-171 Bundle #1
NIST 800-171 Compliance Program (NCP)
The NCP is comparable to the NIST 800-171 Compliance Bundle #3 that provides the NIST 800-53 based version of these products, but offers a price break of over $700! ComplianceForge took existing documentation and pared it down for smaller organizations that do not need or want the complexity of NIST 800-53 when complying with NIST 800-171. The NCP includes the following documents as part of its own unique bundle:
- NIST 800-171 Compliance Program - Microsoft Word document that addresses NIST 800-171 policies and standards.
- Cybersecurity Standardized Operating Procedures (CSOP) - Microsoft Word document that contains cybersecurity procedures that correspond to the policies and standards.
- System Security Plan (SSP) - Microsoft Word document that is a simplified version of our SSP product.
- NIST 800-171 Cybersecurity Program Mapping - Microsoft Excel document that contains several components:
  - Plan of Action & Milestones (POA&M) template.
  - Mapping from the NCP to NIST 800-171, NIST 800-53, NIST 800-160, ISO 27002 and NIST CSF.
  - Methods to comply with NIST 800-171 (essentially a pared-down NIST 800-171 Compliance Criteria (NCC) spreadsheet).
  - Roles and responsibilities (corresponds to the Cybersecurity Standardized Operating Procedures).
- Cybersecurity Awareness Training - Microsoft PowerPoint template to provide cybersecurity awareness training.
Cybersecurity Incident Response Program (CIRP)
- The CIRP addresses the “how?” questions for how your company manages cybersecurity incidents.
- This is primarily an editable Microsoft Word document, but it comes with Microsoft Excel and Microsoft Visio templates.
- In summary, this addresses fundamental needs when it comes to incident response requirements:
  - Defines the hierarchical approach to handling incidents.
  - Categorizes eleven different types of incidents and four different classifications of incident severity.
  - Defines the phases of incident response operations, including deliverables expected for each phase.
  - Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
  - Defines the scientific method approach to incident response operations.
  - Provides guidance on how to write up incident reports (e.g., lessons learned).
  - Provides guidance on forensics evidence acquisition.
  - Identifies and defines Indicators of Compromise (IoC).
  - Identifies and defines sources of evidence.
- The CIRP contains “tabletop exercise” scenarios, based on the categories of incidents.
- This helps provide evidence of due care in how your company handles cybersecurity incidents.
- The CIRP is based on leading frameworks, such as NIST 800-37, NIST 800-39, ISO 31010 and COSO 2013.