NIST SP 800-171 DoD Self Assessment Services

DFARS 252.204-7012 and NIST SP 800-171 requirements

Kieri Solutions LLC has included the NIST SP 800-171 DoD Assessment methodology in our compliance programs since the DCMA started publishing it in early 2020.

The just-published DFARS Interim Rule requires self-assessments to be submitted to the DoD as a prerequisite for contract award.

For full details and links to sources, please see this article on CMMCaudit.org, written by Amira Armond (President of Kieri Solutions):

DFARS 252.204-7012 enforces NIST SP 800-171

Action required to continue winning contracts

As a DoD contractor, you need to take action immediately in order to continue winning contracts.

Note: All of these actions should be performed by a senior-level cybersecurity expert, either on staff or a consultant.

  1. Have a System Security Plan which describes your environment and addresses all 110 requirements in NIST SP 800-171. This plan is normally 100+ pages for a business with >50 employees.
  2. Have a Plan of Action & Milestones which describes a full plan to achieve 100% compliance with NIST SP 800-171 and DFARS 252.204-7012.
  3. Perform a self-assessment using the NIST SP 800-171 DoD Assessment Methodology.
  4. Submit these documents and your self-assessment score to the DoD prior to your next contract award. (Ideally a few weeks ahead, so they can process it.)

Kieri Solutions program for NIST SP 800-171 and DFARS 252.204-7012

Our cybersecurity compliance program is designed to help organizations become DFARS 252.204-7012 / NIST SP 800-171 compliant.


Our first priority is DFARS 252.204-7012 and NIST SP 800-171 self-assessment


Our overall program is designed to get you CMMC compliant


These two sets of compliance regulations are complementary, with a straightforward progression from one to the next.

Kieri Solutions' standard compliance program includes these major deliverables:

  • Perform gap analysis and create an action plan to get your organization started on implementation projects as soon as possible.
  • Write the System Security Plan and Plan of Action & Milestones.
  • Conduct a DoD self-assessment and help you report it to the DoD.
  • Train and guide your IT leadership (CISO, CIO, Compliance Officer) to represent your company during an audit, and to support internal processes demonstrating cybersecurity maturity.
  • Provide customized policies, procedures, and user agreements which address all CMMC Level 2 “Advanced” and NIST SP 800-171 requirements.

NIST SP 800-171 compliance is complex

Many companies don’t have the cybersecurity expertise in-house to fully understand what is required by NIST SP 800-171.

They don’t have a real system security plan, or the person assigned to create it only addressed a small portion of the in-scope environment.

Submitting a false claim is punishable

The Federal Justice Department describes penalties of “double the government’s damages” for false claims. The DoD has repeatedly said that falsely attesting to DFARS 252.204-7012 compliance is punishable under the False Claims Act.

DOJ: The False Claims Act

Next steps: Schedule a free 30-minute consultation

Our president, Amira Armond, is making herself available for 30-minute consultations with DoD contractors that are concerned about cybersecurity compliance.

You can request a free consult by…

Emailing info@kieri.com

Calling our office at 301-253-5150

Submitting a request via this form