Defense Contractor Achieves NIST 800-171 Compliance with the Federal Government
April 15, 2019
Situation
A defense contractor was required to comply with the newly enforced NIST 800-171 framework. Because this was the first time it had to comply with a traditional government standard for information technology, the company was unsure of the new requirements and how to implement new policies and procedures.
Cherry Bekaert’s Guidance
After defining the systems in scope and boundary to be assessed, Chery Bekaert completed a GAP assessment (Phase I), which resulted in over 30 out of 110 controls needing remediation. The remediation ranged from policy and procedure development, to hardware implementation. Cherry Bekaert developed a roadmap for compliance and worked with the company to identify the areas of responsibility to remediate the identified gaps in Phase 2.
Results
The company was able to demonstrate that it was in full compliance with NIST 800-171 to the Federal government and other interested parties (prime contractors). As a result, the company was able to store, transmit and process Covered Defense Information/Covered Unclassified Information (CDI/CUI).