Systems Certification Body (SCB), an IAPMO company, is proud to announce a new service, performing NIST SP 800-171 gap analysis and compliance assessments for Department of Defense primary and subcontractors to help them comply with Defense Federal Acquisition Regulation Supplement (DFARS) regulations. SCB has streamlined the entire process, reducing the time and resources needed to obtain and demonstrate compliance.
The two-step process consists of a gap analysis and a compliance assessment.
The gap analysis looks for disparities between the client’s current NIST SP 800-171 program and the new NIST SP 800-171 requirements. SCB’s highly qualified assessment team will take a close look at the client’s network and procedures and will interview the client’s internal IT team to determine the level of NIST SP 800-171 compliance. An assessment team will provide a detailed gap analysis report identifying gaps and ideas on how to fill them so that the client can create its own remediation plan for NIST SP 800-171 compliance.
The gap analysis also includes a detailed report identifying the necessary steps to become CMMC Level 3 compliant as well as a system security plan, which identifies the functions and features of the client’s information system, including the Plan of Action and Milestones (POA&M). The POA&M outlines the action items needed to reach compliance and the timeline to get there. In its final guidance, the Department of Defense states that an SSP and a POA&M are required in order to prove a business is working toward a state of compliance.
“Seeing the needs from our clients and the industry, we are pleased to be able to offer this service,” said Shirley Dewi, IAPMO R&T’s senior vice president of Management Systems Registration Services. “We understand that this process can be daunting and expensive, so we always try to find ways to make that process as simple and cost effective as possible. This way our clients can focus more on actually providing the best service for their clients and growing their business.”
The gap analysis can be completed remotely in one day. On-site assessment is offered at the client’s request.
Once the gaps have been addressed and the client is ready to verify compliance to NIST SP 800-171 and CMMC Level 3, SCB can provide a compliance assessment. Once the items in the compliance assessment have been addressed, the client will receive an NIST SP 800-171 Compliance Certification.
To schedule a compliance assessment, contact SCB at (909) 230-5526 or info@iapmoscb.org.