NIST 800-171

How To Comply - Schedule a free call with one of our NIST specialists - $350 value

ESX recognizes that most organizations do not have the resources or the knowledge base to become NIST 800-171 compliant on their own. We specialize in helping organizations with 100 employees or less reach their compliance goals and retain their status as a supplier to the DOD and US Gov’t.

Schedule Call – Get a Plan

Get started today! Contact our team to discuss your specific needs.

Call us at 952-943-0900 for immediate assistance or schedule a call below.


Our Process

  1. An ESX ICSG expert pairs with your organization to determine the correct level of security or compliance required
  2. The expert and key stakeholders in the organization work together to perform a risk assessment or an audit, depending on what suits the organizational requirements
  3. The assessor collects artifacts and evidence to supplement the report
  4. Security implementation experts compile the list of the organization’s requirements and results to create a remediation or Corrective Action Plan
  5. The report documents are delivered along with a letter of attestation as to the state of the organization’s security program and guidance for improving the organization’s security posture

If you are serious about information security, the NIST standards are the correct way to proceed!

What is DFARS NIST SP800-171?

On December 30, 2015, the U.S. Department of Defense (DOD) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) that gives government contractors a deadline of December 31, 2017 to implement the requirements of the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171r1.

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf

What are the NIST 800-171 Requirements?

  1. Access Control
  2. Awareness and Training
  3. Auditing and Accountability
  4. Configuration Management
  5. Identification and Authentication
  6. Incident Response
  7. Maintenance
  8. Media Protection
  9. Personnel Security
  10. Physical Protection
  11. Risk Assessment
  12. Security Assessment
  13. System and Communication Protection
  14. System and Information Integrity

Frequently Asked Questions

Do the NIST guidelines apply to my organization?

That depends heavily on what your organization does and for whom it does it. If your organization is a branch of the federal government, or supports the federal or local government in some way, there is a NIST standard that applies.

I already do a SOC2 report. Why should I do NIST assessment?

A SOC2 report is not a security framework. It is a well-known medium for providing stakeholders outside your organization with information about your security program, as attested by the auditor. Conversely, the NIST Risk Assessment or Audit measures your organization’s security posture against continually updated best practices and modern technologies, down to specific hacking attack vectors. Combining a SOC2 report with a NIST assessment not only tells you what you can do to protect your organization, it also gives stakeholders information about the state of your security program.

We don’t have a lot of users or systems. Is there a NIST standard for my organization?

Yes! The NIST framework is customizable to the needs of the organization: it can be adjusted to the technologies used, the size of the organization, and the information that needs to be protected.

My organization is very mature and we have multiple standards that we comply with. Why would we want to use the NIST standards?

Most information security standards are based on the NIST Special Publications in one way or another, but are pared down to protect a specific kind of information. The NIST guidelines take a holistic approach to security and allow the organization to ensure the right amount of security for all applications and data concerns, including physical security and paperwork.

How do I find out more?

We know that every organization is different and requires a slightly different approach. Reach out to talk more about your organization’s security goals and requirements.

From Startups to Fortune 500 – Over 3000 Companies Trust ESX


What Are You Waiting For? Contact NIST Specialist