
NIST 800-171 Compliance

NIST 800-171 is a practical set of standards developed by the U.S. Department of Commerce and supported by the U.S. Department of Homeland Security (DoHS), U.S. Department of Defense (DoD) and many commercial security experts.

DoHS, DoD and the Department of Commerce have established the NIST 800-171 CyberSecurity Standard as a requirement for all DoD and DHS supply chain participants and as the recommended, de facto standard for all manufacturing, distribution and industrial services organizations. Counterparty risk is the reason these minimum cybersecurity standards are imposed on every level of the defense supply chain. Because supply chain businesses are essentially internal network participants, there is a fundamental need to ensure all participants are executing best practices.

NIST 800-171 Requirements and Purpose:

REQUIREMENT | PURPOSE
Access control | Limit/control system access
Awareness and training | Educated users and best practices
Audit and accountability | Identify and trace incidents
Configuration management | Control network hardware and software
Identification and authentication | Verify users and devices
Incident response | Detection and recovery process
Maintenance | Implement sustainable processes
Media protection | Physically control and secure
Personnel security | Pre-qualified users/access rights
Physical protection | Limit access to physical spaces
Risk assessment | Scan for vulnerabilities
Security assessment | Periodically assess “as is” situation
System and communications protection | Protect inbound / outbound
System and information integrity | Identify malicious code and users

All of the above elements are required to achieve a minimum level of sustainable protection.

NIST 800-171 Compliance Roadmap:

The journey towards NIST 800-171 compliance, while different in every case, will encompass the following activities and tasks, as well as the development of specialized documentation, policies and procedures:

Assessment

Network and security assessments must be performed to uncover/identify existing security risks.

Network/Security Remediation

Cybersecurity risks identified during network/security assessments must be remedied to eliminate imminent (known) vulnerabilities.

NIST 800-171 CyberSecurity Audit

Using the Cyber Security Evaluation Tool (CSET) from the Department of Homeland Security and the NIST 800-171 standard as a reference, a formal CyberSecurity Audit must be performed and documented. This is accomplished using the CSET NIST 800-171 questionnaire — typically over the course of several audit sessions.

System Security Plan Report

The System Security Plan Report — one of three main documents that must be developed in order to attain NIST 800-171 compliance — includes answers to all the questions raised in the CyberSecurity Audit. In addition, it documents the IT environment (hardware and software infrastructure), key cybersecurity roles and responsibilities within the organization and a basic system risk analysis.

Incident Response Plan

The Incident Response Plan is the second document that must be developed in order to attain NIST 800-171 compliance. The Incident Response Plan documents the actions, actors and reporting requirements the organization has developed when responding to a detected cybersecurity breach.

Plan of Action with Milestones

The Plan of Action with Milestones is used to document any deficiencies found during the CyberSecurity Audit and the mitigation plan developed to eliminate these deficiencies. It also provides evidence of progress and appropriate support documentation.

Continuous Improvement

As the organization’s IT systems and infrastructure evolve, so does the cybersecurity threat landscape. The implementation of a continuous improvement cybersecurity program is essential to help the organization maintain a strong cybersecurity posture. It is recommended that the following activities take place:

  • Periodic (annual) Network and Security Assessment and execution of the Remediation Plan
  • Periodic (annual) reviews of policies and procedures including the System Security Plan and the associated System Risk Analysis, and the Incident Response Plan
  • Periodic (annual) end user CyberSecurity Awareness training
© Copyright 2023 - Projex IMC