In November 2021, the US Department of Defense (DoD) announced Version 2.0 of the Cybersecurity Maturity Model Certification (CMMC) information security framework and audit program. Driven by internal review and public comment, CMMC 2.0 updates the requirements for CMMC Version 1.02, released in January 2020 and now suspended. CMMC 2.0 is designed to improve cybersecurity within the Defense Industrial Base (DIB) by ensuring contractors and subcontractors can adequately protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

NIST SP 800-171

The purpose of NIST 800-171 is to provide federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). These requirements apply only to components of nonfederal information systems that process, store, or transmit CUI, or provide security protection for such components. The requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations. NIST 800-171 consists of 110 security requirements broken down into 14 control families taken from FIPS 200 and NIST 800-53:

  1. Access Control
  2. Audit and Accountability
  3. Awareness and Training
  4. Configuration Management
  5. Identification and Authentication
  6. Incident Response
  7. Maintenance
  8. Media Protection
  9. Physical Protection
  10. Personnel Security
  11. Risk Assessment
  12. Security Assessment
  13. System and Communications Protection
  14. System and Information Integrity

NIST 800-171 Readiness Assessment

E Com Security Solutions provides a readiness assessment to identify gaps and help with the remediation efforts required to meet NIST 800-171 requirements. The assessment includes a review of the 14 domains and 110 controls. E Com Security Solutions provides a Readiness Assessment Report that identifies any control weaknesses that should be addressed to allow your organization to achieve compliance with NIST 800-171.

NIST 800-171 Compliance Assessment

E Com Security Solutions performs a full NIST 800-171 audit of your environment and provides your organization with a report that documents the results of the assessment. The report identifies what was tested and what was not tested as part of the assessment, especially in relation to non-applicable controls and controls inherited from leveraged systems. Included with the report is a Plan of Action and Milestones (POA&M) to allow remediation of identified security control weaknesses.