Don’t ignore NIST 800-171 while waiting on CMMC

Written By Rick Palermo

The Cybersecurity Maturity Model Certification (CMMC) goal posts continue to be a moving target. With the Government’s rulemaking process, the CMMC certification requirement may come as early as this summer or as late as next year.  What hasn’t changed and won’t change regardless of CMMC’s status is the requirement to comply with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 that established the National Institute of Standards and Technology (NIST) Special Publication 800-171 requirements.

The DFARS 252.204-7012 rule has been around since 2016 and the Government fully expects contractors to already be in compliance with the 110 security controls established in NIST SP 800-171. As the Defense Industrial Base awaits the results of the rulemaking process and the adoption of DFARS rule 252.204-7021 that will require third-party CMMC certification, we all should have implemented the 110 controls by now. The only new requirement CMMC adds is the third-party assessment and certification requirement.

If you haven’t started implementing the controls, you won’t find it easy. To satisfactorily meet the controls, you must meet each of the 321 objectives that make up the 110 controls. They must all be documented. They must all have artifacts that prove you’ve met them. Keep in mind the average time to implement the controls is six months. If you have implemented the controls, have you documented them and provided proof? Each of the 321 objectives should have implementation procedures and artifacts (either through examination, testing or an interview with relevant personnel) to back them up.   

Ascolta CMMC Documentation Templates provide an excellent starting point to document your compliance and categorize artifacts. Ascolta offers a complete NIST SP 800-171/CMMC 2.0 document template package with over forty, fully editable Microsoft Word or Excel document, templates.

The package includes:

  • System Security Plan template

  • Program of Actions and Milestones (POAM) template

  • 14 Practice Implementation Procedure templates

  • 16 Organizational Policy templates

  • 13 Additional required document templates

  • Training outlines

Save yourself and your company the time, money and effort of creating these documents from scratch. Purchase the Ascolta NIST SP 800-171/CMMC 2.0 Document Template package today. For the month of March 2023 Ascolta will be offering a 50% discount on our templates available at https://www.ascolta.com/cmmc-document-templates, just enter the promo code MARCHMADNESS at checkout.

Don’t ignore the NIST SP 800-171 requirement while waiting on CMMC.

Rick Palermo
Previous

Introduction to Natural Language Processing (NLP)
Next

CMMC Scoping