NIST SP 800-171 Compliance & Consulting

FLANK provides DFARS NIST 800-171 compliance, assessment, and certification services, along with policy templates and toolkits for Department of Defense (DoD) contractors. The DoD has put forth a massive initiative for ensuring that contractors have adequate information security controls in place for protecting the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI)/Covered Defense Information (CDI). With more and more federal contractors storing, processing, and transmitting CUI/CDI, the DoD decided to aggressively pursue a compliance mandate for cybersecurity controls, and NIST Special Publication 800-171 became the framework to be used. With numerous controls derived from NIST SP 800-53, the NIST 800-171 publication is often looked upon as a smaller, more condensed version of 800-53. While that’s largely true, there are still controls within 800-171 that are unique to it.

DFARS NIST 800-171 Assessment Phases

DFARS NIST 800-171 Assessments can be a challenging and time-consuming endeavor, so here’s what you need to know for ensuring an efficient process from beginning to end, one that saves your business thousands of dollars:

Phase I

Begin with a DFARS 800-171 Readiness & Gap Assessment: FLANK will assist in determining and confirming scope, assess gaps and deficiencies within your control environment, provide guidance on future deliverables and milestones, and much more.

Phase II

Remediate all Essential Deficiencies: Federal contractors wanting to become DFARS 800-171 compliant will need to perform two (2) critical remediation activities: (1) remediation in the form of information security policies and procedures, and (2) necessary security/technical/operational remediation in the form of acquiring and implementing various security software tools, etc.

Phase III

Download and then Develop all DFARS 800-171 Policy Templates and Toolkits: If you have little or no documentation, or your current security policies and procedures are lacking in terms of quality – which is often the case – then sourcing high-quality, professionally researched and developed templates and policy packets is a must, so visit flank.org today.

Phase IV

Develop a System Security Plan (SSP): The main purpose of the System Security Plan (SSP) is to provide an overview of the security requirements of the system and to effectively describe the controls in place or planned, for meeting those requirements.

Phase V

Deploy Continuous Monitoring Initiatives: Becoming DFARS NIST 800-171 compliant is a notable milestone indeed, but the continuous monitoring initiatives for ensuring that compliance is maintained are ultimately the more time-consuming challenge, and FLANK can assist with our proven continuous monitoring forms and checklists.


Phase VI

If Necessary, have a Third-Party Assessment Performed: A select number of federal contractors are now being asked to have an independent third party perform an assessment against the DFARS NIST 800-171 standards.

Providers of NIST 800-171 Policy Templates and Toolkits

Becoming compliant with DFARS 800-171 can be an incredibly challenging process, but thanks to our industry-leading DFARS 800-171 Compliance All-in-One Toolkit, you’ve got all the tools, templates, and other supporting documentation for helping ensure rapid compliance with the DFARS provisions. Available for instant download, you’ll receive professionally developed NIST SP 800-171 specific policies, procedures, forms, checklists, templates, scoping & readiness documents, and more that map directly to both the Basic and Derived Security Controls.

Available for instant download, the DFARS Compliance 800-171 All-in-One Toolkit comes complete with the following 8 sections:

  • NIST SP 800-171 Policy Packet
  • NIST SP 800-53 Information Security Policies and Procedures Packet
  • DFARS System Security Plan (SSP) Templates
  • DFARS Scoping & Readiness Assessment Toolkit
  • DFARS Project Management Template
  • DoD Cyber Incident Response and Reporting Program (CIRRP)
  • Third-Party Due-Diligence & Vendor Management Program
  • Risk Assessment Program