DFARS/NIST 800-171

Black Bottle Security provides expert cybersecurity compliance analysts 
to assess your information systems and cybersecurity roadmap.

At Black Bottle Security, we don’t just consult and assess; we implement security protocols and measures that help businesses become compliant and stay cyber-secure. Just like a padlock can be shimmed or cut, so can your IT infrastructure. Don’t settle for “good enough” cybersecurity.

As a Small Manufacturer, Does NIST 800-171 Apply?

DFARS applies to all prime and subcontractors (no matter the size) doing business with the Department of Defense. If you don’t handle CDI/CUI, you must still get an exception and may still need to comply with DFARS and NIST 800-171.

What’s the Big Deal?

The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements detailed in NIST 800-171. These standards specify the proper manner in which Covered Defense Information (CDI) or Controlled Unclassified Information (CUI) must be handled and protected.

NIST 800-171, while dated, is still relevant today. Companies/organizations looking to do work with the Department of Defense or Defense Industrial Base must now be CMMC (Cyber Security Maturity Model) compliant beginning January 1st, 2020.

So why would you need to be NIST 800-171 compliant, you may ask?

Being NIST 800-171 compliant will give your company/organization a competitive edge over the competition in a market where data security is increasingly valuable to businesses and consumers. Being NIST 800-171 compliant certifies that your company/organization has a strong level of cyber hygiene, giving both you and your customers a sense of ease knowing that your sensitive information is being protected.

The 14 required categories of compliance:

  • Access Control
  • Audit and Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Maintenance
  • Media Protection
  • Physical Protection
  • Personnel Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity

We are currently working with manufacturers in the region to achieve NIST 800-171 compliance in anticipation of the new CMMC, effective January 2020.

What makes us ready?

  • We understand what needs to be included in your System Security Plan (SSP), so let's take it from the top.
  • You don't need to worry about completing your Plans of Actions & Milestones (POA&Ms), because we've got that covered!
  • If you are wondering if NIST 800-171 applies to cloud computing, our experts are here to explain.
  • How long will it take to be compliant? We are ready to get started when you are. Sometimes it's just days before you can attest to compliance.
  • We often hear that NIST compliance isn't easy. We are here to tell you that it doesn't need to be complicated.
  • Simple onboarding process
  • Pricing per person per year
  • No setup fee
  • Special Small Business Pricing
  • No hardware appliance devices purchased
  • Branded Administrator Dashboard
  • Unlimited security awareness training
  • Simulated Phishing Campaigns
  • Certificate of Completion
  • Monitor training progress
  • Identify high-risk employees
  • Audit trail of all employee actions
  • US-based phone and email support