NIST SP 800-171
NIST SP 800-171 COMPLIANCE AND THE CMMC INTERIM RULE
Manage compliance with NIST SP 800-171 while you manage all your other IT requirements, and satisfy the CMMC Interim Rule at the same time.
Stay Ahead of the Changing Rules
With the nation’s security on high alert, the DoD is tightening its scrutiny of all contractors to be sure none of them represents a security risk to the supply chain. Compliance Manager GRC is the best way to stay on top of the changing rules and to show that the requirements are being met.
Perform and Score a NIST SP 800-171 Self-Assessment
Under the DoD CMMC Interim Rule, contractors are required to complete a self-assessment against NIST SP 800-171 and submit the resulting score before they can be awarded DoD contracts. Compliance Manager GRC’s built-in Rapid Baseline Assessment walks you through each of the 110 controls to create a baseline assessment and an initial score, using the scoring methodology required by DFARS clause 252.204-7020, and produces an itemized scorecard covering every one of the 110 NIST SP 800-171 controls.
Produce the Required Documentation
Along with the self-assessment score, defense contractors must also have a System Security Plan (SSP) on which the assessment is based. The SSP describes how each of the assessed security requirements is being met. You can generate the SSP from the Baseline Assessment, or perform a complete technical assessment first, aided by automated data collection and reporting; either way, Compliance Manager GRC generates the SSP automatically. The assessment also generates a Plan of Action and Milestones (POA&M), a key document for continuous security improvement. For each control the assessment finds not implemented, the POA&M lists the remediation steps needed to become compliant, along with specific deadlines for completion.
KEEP PACE WITH CMMC UPDATES
The CMMC Interim Rule came into effect on November 30, 2020. Because the new certification process was so complex, the DoD established a 5-year implementation time frame and used the Interim Rule to bridge the gap. Within a year, CMMC 2.0 was announced, simplifying the process. The 5-year implementation schedule remained in place, the Interim Rule is still in effect, and NIST SP 800-171 is still the de facto standard to follow.
MANAGE EMPLOYEE RISK
NIST SP 800-171 requirements include specific policies and procedures that employees must follow. Compliance Manager GRC includes an Employee Portal to track and enforce employee security awareness training and employee attestation to CMMC policies.
MANAGE 800-171 WITH EVERYTHING ELSE
Compliance Manager GRC is a universal IT security assurance platform with built-in compliance management templates, such as NIST SP 800-171, plus the ability to track and manage the IT requirements of any insurance policy, business contract, or internal policy and procedure, all at the same time and in the same place.