NIST 800-171 Requirements to file status

  • 23 Aug 2021 4:54 PM
    Message # 10951277

    Good afternoon,

    As you have seen, I have posted information about the Cybersecurity Maturity Model Certification (CMMC) and requirements for filing your NIST 800-171 score with the U.S. Department of Defense.  Since there are many companies waiting on CMMC, now may be a good time to address your NIST 800-171 since that is a requirement to file.

    The NIST 800-171 addresses 110 controls, the basis for the CMMC Level 3, which has 130 controls.  If you are interested in a discussion about your NIST 800-171 score, we can share recommendations on filing, if you have not already filed, or increasing your score to 110.

    Here is some information about NIST 800-171.

    NIST 800-171 filing requirement 

    Recently, the DoD issued a statement about NIST 800-171. Our CEO at Choice CyberSecurity, Steve Rutkovitz, is offering to take a look at the company's readiness to upload their NIST 800-171 before they upload to give them feedback on their status, and we provide this service at no charge. And if you have already filed your NIST 800-171 and would like a review and recommendations to increase your score, we can assist with that as well. 

    Many firms may do this on their own, some may want an outside opinion to take a look at their NIST 800-171 before they upload their information to the DoD. Contractors need to submit and upload the following: 

    1. System Security Plan (SSP) lists all 110 controls and comments

    2. Plan of Actions and Milestones (POAM) - this is a report with gaps only and shows dates and time when the controls will be remediated. 

    The Defense Acquisition Regulations System (DARS) recently published an Interim Rule that will enforce NIST SP 800-171 DoD assessments. Starting on November 30, 2020, all contractors will be required to have a current 800-171 on record. 

    Vendors must upload the results of these assessments to the Supplier Performance Risk System (SPRS) website where contracting officers and others can verify the contractor’s 800-171 evaluation is not more than three years old. 

    Choice Cybersecurity can help you to fulfill the NIST 800- 171 requirement, while simultaneously preparing for CMMC.

    Please let me know if you'd like to schedule a no obligation call.  My email is rich@choicecybersecurity.com

    Take care, 



Fast Rope

Powered by Wild Apricot Membership Software