Cybersecurity Compliance Projects – NIST SP 800-171 and CMMC

Are you a DoD contractor impacted by the new Cybersecurity Maturity Model Certification (CMMC)?

Or do you already need to comply with DFARS 252.204-7012 and NIST SP 800-171, and haven’t yet?

We work with a lot of companies that know they needed to be secure yesterday, but don’t know how to start. Our approach is holistic. We identify problems but also identify solutions. We focus on training and enabling your team so that you aren’t dependent on consultants forever.

Kieri Solutions can guide your company toward compliance:

  • Understand whether CMMC and DFARS 252.204-7012 apply to your organization
  • Break down the requirements in plain language
  • Write policies and procedures for required activities like Incident Management
  • Create a plan to reach 100% compliance
  • Train your Chief Information Security Officer and IT team members
  • Create your system security plan and risk assessment
  • Build evidence showing that your organization is performing CMMC with mature processes

In other words, if your company needs to comply with CMMC, DFARS 252.204-7012, NIST SP 800-171 or another compliance framework, contact us! 

We’ve got experience implementing each of the security controls required. If your company is deficient in a security control, we will work with you to fix it or make a Plan of Action and Milestones (POA&M). Documenting these POA&Ms correctly will help get your company into compliance with DFARS 252.204-7012 today.

We partner with you to make your compliance project less stressful and confusing.

Call us:  +1 (301) 253-5150

Email us:

Why should your organization do cybersecurity compliance?

There are many reasons to implement a cybersecurity compliance program like NIST SP 800-171 and CMMC.

Qualify for Government contracts

If you are a DoD contractor, the DoD has said you will need to obtain a CMMC certification within the next five years in order to qualify for contracts. If you are a DoD contractor and handle Controlled Unclassified Information (CUI), you are LEGALLY required to comply with DFARS 252.204-7012.

Keep your business running

When you implement best practices contained in NIST 800-171 or other cybersecurity programs, your computer network will become more resilient.  Network hardening and segmentation will reduce or prevent the damage if your servers are attacked by ransomware.  Business continuity planning will fix gaps in your recovery plan and give your staff a playbook to follow when disaster strikes.  Developing high quality policies and processes for change management will help prevent revenue-impacting outages.

Prevent intellectual property loss

Sophisticated hackers from other countries are constantly trying to steal schematics and patent-worthy designs from our corporations. Many companies have spent millions on R&D. Do you want overseas competitors to get that hard-earned data for free?

Prevent loss of reputation due to data breach

Hardly a day goes by without a large company or government contractor being spotlighted in the news for suffering a data breach. When this happens, stock prices have a three-year loss, on average, of 42%.

Avoid paying for credit monitoring

If you store personal data, such as Social Security numbers, dates of birth, addresses, or credit card numbers, you are responsible for what happens to it. A common response to a data breach is paying for several years of credit monitoring for each person affected. For a moderate data breach, this cost is often over a hundred thousand dollars.

Keep your partners and clients safe

Your partner companies and clients want you to have great cybersecurity so that hackers can’t attack them via your systems. The U.S. Government thinks that this is so important that its contractors are required to comply with NIST SP 800-171, which contains 110 security controls. There is a new initiative to make cybersecurity for government contracts an Allowable Cost. Find out more about the initiative here.

A growing threat is supply chain attacks: hackers attack a company and then insert malicious software into that company’s product. When clients install the product, they also install the malicious software. It would be horrible if your clients were hacked because they trusted your company. Implementing required security fixes like two-factor authentication will help prevent this threat.

Your money stays in the bank – not transferred to Nigeria

When you are cyber-secure, you have processes and systems in place to detect hackers and stop malicious software.  When your comptroller’s computer gets a virus, your IT department will have a fighting chance to detect and remove it before your bank password is stolen.

It is time to get secure

I hope those are enough reasons for you to adopt a cybersecurity compliance framework for your company. If you are a U.S. Government contractor, the CMMC will definitely affect you, and you may be past due for DFARS 252.204-7012 and NIST SP 800-171.

Call us:  +1 (301) 253-5150

Email us: