We have a few discounted bundles specifically tailored for clients who need to comply with NIST 800-171, but we can always make a custom package for you. Just give us a call or email us at email@example.com to request a custom package.
As a quick summary of your requirements to comply with NIST 800-171, your company is expected to have several different documentation artifacts to prove that your cybersecurity program exists. The reality with compliance assessments is that if something is not documented, you cannot prove it exists. Given that reality, you need to ensure your company has the proper cybersecurity documentation in place:
System Security Plan (SSP)
Plan of Action & Milestones (POA&M)
The bundles listed below have various combinations of our products. These bundles tie together our products into packages that can meet your unique needs, since each product serves a different purpose:
The NIST 800-171 Compliance Criteria (NCC) is essentially a “consultant in a box” that gets you the equivalent of 80 hours' worth of a consultant’s time to break down the NIST 800-171 requirements into real criteria for you to implement.
Each of these products has a detailed product page where you can read more about the product and see examples.
This is one of the most popular packages we have. It contains NIST-based policies and standards, as well as the NCC "consultant in a box" product to solidly get you on the road to NIST 800-171 compliance.
NIST-based Written Information Security Program (WISP)
NIST 800-53 based cybersecurity policies & standards in an editable Microsoft Word format.
The WISP addresses the “why?” and “what?” questions in an audit, since policies and standards form the foundation for your cybersecurity program.
Each of the NIST 800-53 rev4 families has a policy associated with it, so there is a total of 26 policies.
Under each of the policies are standards that support those policy statements. These standards equate to the moderate control set from NIST 800-53 rev 4, which is needed for NIST 800-171.
The CSOP is a template for procedures. Companies are expected to demonstrate HOW cybersecurity controls are actually implemented.
This is an editable Microsoft Word document.
Given the difficult nature of writing templated procedure statements, we aimed for approximately a "75% solution" since it is impossible to write a 100% complete cookie-cutter procedure statement that can be equally applied across multiple organizations. What this means is ComplianceForge did the heavy lifting and you just need to fine-tune the procedure with the specifics that only you would know to make it applicable to your organization. It is pretty much filling in the blanks and following the helpful guidance that we provide to identify the who/what/when/where/why/how to make it complete.
The NIST 800-171 CSOP is mapped to NIST 800-53 and NIST 800-171 requirements.
The SPBD addresses the “how?” questions for how your company ensures both security and privacy principles are operationalized.
This is an editable Microsoft Word document that provides program-level guidance that directly supports the WISP and DSP policies and standards for ensuring secure engineering and privacy principles are operationalized on a daily basis.
The concept of “secure engineering” is mandatory in numerous statutory, regulatory and contractual requirements. The SPBD provides a “paint by numbers” approach to ensure your company has evidence of both due care and due diligence for operationalizing security and privacy principles.
The CIRP is based on numerous frameworks, but the core is NIST 800-160, which is the de facto standard on secure engineering.