The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Regulation Supplement (DFARS) requirements. The twelfth of the 14 families of requirements for NIST SP 800-171 compliance is Security Assessment.
What is Security Assessment in Terms of NIST 800-171?
The Security Assessment family of requirements stipulates that businesses develop a System Security Plan (SSP) and a Plan of Action and Milestones (POA&M), and ensure that these documents are regularly reviewed and updated. A company must assess, implement and maintain up-to-date cybersecurity practices, correct deficiencies and reduce or eliminate vulnerabilities. In addition, it must develop and implement a continuous monitoring program so that the effectiveness of its controls is tracked between formal assessments, not only at assessment time. The Security Assessment family consists of 4 Basic Security Requirements and no Derived Security Requirements.
Basic Security Requirements
- 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.
- 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
- 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
- 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.
To learn more about NIST SP 800-171 compliance, please see NIST SP 800-171 Rev. 2 (NIST.SP.800-171r2.pdf) and be sure to review the assessment guide: SP 800-171A, Assessing Security Requirements for CUI | CSRC.
NeQter Labs can assist you with building the foundation for your cybersecurity and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS 252.204-7012 / NIST SP 800-171 / CMMC compliance project. Our extensive partner network ensures that, no matter what, we can assist you with all your compliance needs. Contact us here.