NIST 800-171 Compliance Bundle #5 (10% Discount)
This bundle is basically the same as NIST 800-171 bundle #2, but is tailored for small and medium businesses that do not want the added complexity of NIST 800-53 alignment.
Products Included in NIST 800-171 Compliance Bundle #5
This package contains the NCP and the CIRP products:
NIST 800-171 Compliance Program (NCP)
The NCP is comparable to the NCC Bundle #1 that provides the NIST 800-53 based version of these products, but offers a price break of over $700! ComplianceForge took existing documentation and pared it down for smaller organizations that do not need or want the complexity of NIST 800-53 when complying with NIST 800-171. The NCP includes the following documents as part of its own unique bundle:
- NIST 800-171 Compliance Program - Microsoft Word document that addresses NIST 800-171 policies and standards.
- Cybersecurity Standardized Operating Procedures (CSOP) - Microsoft Word document that contains cybersecurity procedures that correspond to the policies and standards.
- System Security Plan (SSP) - Microsoft Word document that is a simplified version of our SSP product.
- NIST 800-171 Cybersecurity Program Mapping - Microsoft Excel document that contains several components:
  - Plan of Action & Milestones (POA&M) template.
  - Mapping from the NCP to NIST 800-171, NIST 800-53, NIST 800-160, ISO 27002 and NIST CSF.
  - Methods to comply with NIST 800-171 (essentially a pared down NIST 800-171 Compliance Criteria (NCC) spreadsheet)
  - Roles and responsibilities (corresponds to the Cybersecurity Standardized Operating Procedures)
- Cybersecurity Awareness Training - Microsoft PowerPoint template to provide cybersecurity awareness training.
Cybersecurity Incident Response Program (CIRP)
- The CIRP addresses the “how?” questions about the way your company manages cybersecurity incidents.
- This is primarily an editable Microsoft Word document, but it comes with Microsoft Excel and Microsoft Visio templates.
- In summary, this addresses fundamental needs when it comes to incident response requirements:
  - Defines the hierarchical approach to handling incidents.
  - Categorizes eleven different types of incidents and four different classifications of incident severity.
  - Defines the phases of incident response operations, including deliverables expected for each phase.
  - Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
  - Defines the scientific method approach to incident response operations.
  - Provides guidance on how to write up incident reports (e.g., lessons learned).
  - Provides guidance on forensics evidence acquisition.
  - Identifies and defines Indicators of Compromise (IoC).
  - Identifies and defines sources of evidence.
- The CIRP contains “tabletop exercise” scenarios, based on the categories of incidents.
- This helps provide evidence of due care in how your company handles cybersecurity incidents.
- The CIRP is based on leading frameworks, such as NIST 800-37, NIST 800-39, ISO 31010 and COSO 2013.