Kieri Solutions LLC has included the NIST SP 800-171 DoD Assessment methodology in our compliance programs since the DCMA started publishing it in early 2020.
The just-published DFARS Interim Rule (DFARS 252.204-7019/7020) requires contractors to complete a NIST SP 800-171 self-assessment and submit the resulting score to the DoD, via the Supplier Performance Risk System (SPRS), as a prerequisite for contract award.
For full details and links to sources, please see this article on CMMCaudit.org, written by Amira Armond (President of Kieri Solutions):
Action required to continue winning contracts
As a DoD contractor, you need to take action immediately in order to continue winning contracts.
Note: All of these actions should be performed by a senior-level cybersecurity expert, either on-staff or consultant.
- Have a System Security Plan which describes your environment and addresses all 110 requirements in the NIST SP 800-171. This plan is normally 100+ pages for a business with >50 employees.
- Have a Plan of Action & Milestones (POA&M) which lists every NIST SP 800-171 requirement not yet fully implemented and describes how and by when you will close each gap, so that you reach full compliance with NIST SP 800-171 and DFARS 252.204-7012.
- Perform a self-assessment using the NIST SP 800-171 DoD Assessment Methodology
- Submit your self-assessment score (along with the supporting System Security Plan and POA&M dates) to the DoD prior to your next contract award. Ideally do this a few weeks ahead, so the DoD has time to process it.
Kieri Solutions program for NIST SP 800-171 and DFARS 252.204-7012
Our cybersecurity compliance program is designed to help organizations become DFARS 252.204-7012 / NIST SP 800-171 compliant.
Our first priority is the DFARS 252.204-7012 and NIST SP 800-171 self-assessment.
Our overall program is designed to get you CMMC Level 3 compliant.
These two sets of compliance requirements are complementary, with a straightforward progression from one to the next: NIST SP 800-171 supplies the 110 practices that CMMC Level 3 builds on.
Kieri Solutions' standard compliance program includes these major deliverables:
- Perform gap analysis and create an action plan to get your organization started on implementation projects as soon as possible.
- Write the System Security Plan and Plan of Action & Milestones
- Conduct a DoD self-assessment and help you report it to the DoD
- Train and guide your IT leadership (CISO, CIO, Compliance Officer) to represent your company during an audit, and to support internal processes demonstrating cybersecurity maturity.
- Provide customized policies, procedures, and user agreements which address all CMMC level 1-3 and NIST SP 800-171 requirements
NIST SP 800-171 compliance is complex
Many companies don't have the cybersecurity expertise in-house to fully understand what NIST SP 800-171 requires.
They don't have a real System Security Plan, or the person assigned to create it only addressed a small portion of the in-scope environment (the systems that store, process, or transmit Controlled Unclassified Information).
Submitting a false claim is punishable
The U.S. Department of Justice describes False Claims Act penalties of up to three times the government's damages (treble damages, reduced to double damages only for prompt self-disclosure) plus a civil penalty for each false claim. The DoD has repeatedly said that falsely attesting to DFARS 252.204-7012 compliance is punishable under the False Claims Act.
Next steps: Schedule a free 30 minute consultation
Our president, Amira Armond, is making herself available for 30 minute consultations with DoD contractors that are concerned about cybersecurity compliance.
You can request a free consult by:
Calling our office at 301-253-5150
Submitting a request via this form