NIST 800-171 and CMMC 2.0

Network Titan provides NIST SP 800-171 and CMMC 2.0 Implementation Services in San Diego and throughout Southern California providing our CMMC services to organizations with 20 to 1000 users.

Network Titan is a CMMC Implementation specialist and has an RP and CCP (in progress) on staff.

As a CMMC Registered Practitioner, Mike Hughes and the Network Titan Team are invested in the implementation, administration and maintenance of CMMC Compliance. We know how to prepare defense contractors for a CMMC Assessment by a C3PAO. We bring our expertise, training, and implementation experience to organizations that need to comply with CMMC to perform on a contract and continue doing business with the Federal Government. We can work with you where you are now.

WHAT IS THE SP NIST 800-171 r2 ?

NIST is the National Institute of Standards and Technology at the US Department of Commerce. The Special Publication 800-171 (currently undergoing a 3rd revision) governs Controlled Unclassified Information (CUI) when it is stored, processed or transmitted in non-federal organizations and information systems.

Compliance with NIST SP 800-171 has been a requirement for handling CUI under DFARS 252.204-7012 since 2017, the emphasis and enforcement are increasing with CMMC. Suppliers and subcontractors handling CUI for federal agencies, particularly the Department of Defense (DoD), must assess and document specific security measures to demonstrate compliance with the NIST SP 800-171 R2 framework.

ARE YOU COMPLIANT WITH THE KEY AREAS of NIST 800-171 ?

• Access Control: User and transaction authorization and security.
• Awareness and Training: All personnel are adequately trained in security-related duties.
• Audit and Accountability: Access records individually traceable to all users.
• Configuration Management: Network and security protocols and documentation.
• Identification and Authentication: Authorized user identification with multifactor authentication.
• Incident Response: Incident reporting process and notification (DFARS 252.204-7012) capability.
• Maintenance: Information Systems maintenance routine and control.
• Media Protection: Control access and secure hard copy, digital and portable media.
• Personnel Security: Individual screening prior, during and after personnel actions.
• Physical Protection: Protect and monitor access to IS, equipment and operating environments.
• Risk Assessment: Periodic testing to simulate and monitor Information Systems vulnerability.
• Security Assessment: Periodic testing to demonstrate effective and current IS control.
• System and Communications Protection: 14 security requirements; monitor, control and protect.
• System and Information Integrity: Identify, report and correct IS alerts and flaws.

CMMC 2.0 is FINAL!

WHAT IS THE CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC) ?

CMMC is a combination of cybersecurity standards, controls, processes and practices. It can be considered a series of procurement check points that contractors must pass through. It's "how" they handle the NIST 800-171 and 172 controls in their organization. NIST 800-171 is a foundational component of CMMC but is distinctly different. You can think of NIST SP 800-171 R2 as a set of rules and CMMC as the system for checking if you’re following those rules. Revision 2 is the version that currently applies to CMMC however R3 is on the horizon as the standard continues to evolve. Right now, the phased implementation of CMMC is underway and the compliance requirement has begun showing up in DoD procurement contracts.

Contact Network Titan today to talk to an experienced CMMC consultant or schedule your NIST/CMMC Free Consultation.

×

Network Titan 619-255-2621

Call us now to discuss your IT Support needs or
send us a message and we’ll contact you.

• First Name
• Last Name
• Company
• Email Address*
• Message
• CAPTCHA
• *
  • I agree to the Terms of Service and Privacy Policy.
• Comments
  This field is for validation purposes and should be left unchanged.

Δ