NIST 800-171 Requirements
On December 30, 2015, the U.S. Department of Defense (DOD) published a three-page interim rule to the Defense Acquisition Federal Regulation Supplement (DAFRS) that gives government contractors a deadline of December 31, 2017 to implement the requirements of the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171r1.
Methodology:
The Gap Assessment will focus on the specific requirements of the NIST SP800-171 Security Requirements. Our internal framework and methodology for evaluating general information security practices will also guide our efforts. GoldSky Assessors will review and evaluate the Organization’s compliance with the NIST SP800-171 Security Requirements. This will include:
- Interviews with key personnel in core functional areas and information technology;
- Review of documentation to support NIST SP800-171 compliance;
- Testing of identified NIST SP800-171 controls;
- Identification of gaps in the Organization’s compliance with the NIST SP800-171 Security Policy.
The Security Requirements defined in NIST SP800-171 will be used as the basis for assessing technical and procedural controls and encompass the following areas:
NIST SP800-171 Security Requirements | |
Requirement 1 | Access Control |
Requirement 2 | Awareness and Training |
Requirement 3 | Auditing and Accountability |
Requirement 4 | Configuration Management |
Requirement 5 | Identification and Authentication |
Requirement 6 | Incident Response |
Requirement 7 | Maintenance |
Requirement 8 | Media Protection |
Requirement 9 | Personal Security |
Requirement 10 | Physical Protection |
Requirement 11 | Risk Assessment |
Requirement 12 | Security Assessment |
Requirement 13 | System and Communication Protection |
Requirement 14 | System and Information Security |
GoldSky Security has offices in Orlando, Denver, Tampa, Nashville, Washington D.C., and Phoenix and can help support your NIST 800-171 compliance requirement.