NIST 800-171 Risk & Standards Assessment


Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, titled Safeguarding Covered Defense Information and Cyber Incident Reporting, mandates that businesses contracting with the federal government and handling controlled unclassified information (CUI) must adhere to NIST SP 800-171 security requirements. A NIST 800-171 Risk Assessment can help confirm that your business is meeting the requirements of clause 252.204-7012.

What We Offer

decades of hands-on experience
  • OT-Focused Assessments (NIST 800-82, NISTIR 8183, IEC 62443, 800-171)
  • NIST CSF Assessments for strategy development or annual baselines
  • Third-Party Risk Assessments
  • DFARS Assessments including Program Management for POAM remediation and Solution Development
  • CMMC Readiness Assessments
  • Application / Infrastructure Risk Assessments

NIST 800-171 Risk Assessment 

The National Institute of Standards and Technology released draft updates to NIST 800-171 to bring assessment procedures in line with NIST SP 800-53 Rev. 5. Organizations following these updates will note that the new structure makes controls easier to implement. 

A NIST 800-171 standards assessment ensures your organization uses cybersecurity best practices as established by NIST. A uniform set of standards for information handling ensures that all organizations contracting with the federal government maintain a consistent set of cybersecurity controls to protect sensitive information.

These standards cover handling CUI in nongovernment organizations that contract with the federal government. CUI includes sensitive data such as:

  • Personally Identifiable Information (PII)
  • National Security Information
  • Critical Infrastructure Information

Businesses that need 800-171 assessments may handle and store information that could impact critical government systems, including designs for communication, space, or weapons systems. 

Ensure Compliance with NIST 800-171

Federal regulations require government contractors and subcontractors to secure CUI that they handle. LeveL5Cyber follows NIST 800-171 risk assessment protocols to help verify that your organization meets all cybersecurity standards established in NIST SP 800-53 Rev. 5. Contact our experts to learn how to ensure compliance with cybersecurity standards for federal contractors. 


Frequently Asked Questions


LeveL5Cyber’s Risk Assessments enable organizations to inform and prioritize decisions regarding cybersecurity. The services take into consideration today’s evolving threat landscape to drive cybersecurity priorities with an outcome-driven approach using industry standard processes.

While timing can vary, most Assessments will take approximately five to six weeks to complete. Program Development services may take longer based on the scope.

The ISA/IEC 62443 series of standards defines requirements and processes for implementing and maintaining electronically secure industrial automation and control systems (IACS). These standards set best practices for security and provide a way to assess the level of security performance.

A NIST Special Publication provides guidance on how to secure operational technology (OT) while addressing its unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems and devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems.

A NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI).
