NIST SP 800-171 Contains 110 Security Controls Across the Following 14 Categories:
3.1 Access Control
3.2 Awareness and Training
3.3 Audit and Accountability
3.4 Configuration Management
3.5 Identification and Authentication
3.6 Incident Response
3.7 Maintenance
3.8 Media Protection
3.9 Personnel Security
3.10 Physical Protection
3.11 Risk Assessment
3.12 Security Assessment
3.13 System and Communications Protection
3.14 System and Information Integrity
3.1 Access Control
3.2 Awareness and Training
3.3 Audit and Accountability
3.4 Configuration Management
3.5 Identification and Authentication
3.6 Incident Response
3.7 Maintenance
3.8 Media Protection
3.9 Personnel Security
3.10 Physical Protection
3.11 Risk Assessment
3.12 Security Assessment
3.13 System and Communications Protection
3.14 System and Information Integrity
CMMC v. 2.0 & NIST 800-171
The effort to become NIST SP 800-171 compliant has additional benefits to CMMC compliance. CMMC v. 2.0 Level 2 contains the same 110 controls found in NIST SP 800-171. The changes to CMMC v. 2.0 eliminated the additional controls and will allow for many companies to seld-assess rather than go through a third-part assessment. In effect, NIST 800-171 compliance will be your company’s basis for CMMC v. 2.0 Level 2 Compliance.
Why Comply?
The DFARS clause 252.204-7012 interim rule released on September 29, 2020 requires that all government contract wins issued to contractors are dependent on the contractor inputting a Supplier Performance Risk System (SPRS) score in the SPRS database system. The SPRS score is derived from a contractor’s score calculated based on the NIST SP 800-171 requirements that have been implemented. Your score in the SPRS database may be a consideration during the selection process.
DFARS Interim Rule Executive Summary
CMMC is being rolled out by DoD over the next 5 years. DoD expects the number of contracts with CMMC requirements to reach 75 by Fiscal Year (FY) 2022, 250 contracts by FY 2023, and 479 contracts in FY 2024. DoD expects all new DoD contracts to contain CMMC requirements starting in FY 2026. Looking forward, the DoD expects to have 1,500 contractors certified in FY 2021; 7,500 more in FY 2022; 25,000 more by FY 2023; and almost 48,000 by FY 2025. If you are not CMMC certified at the appropriate level prior to contract award, then working on DoD contracts will not be possible.
The Maryland DCAP Grant Program
The Maryland Defense Cybersecurity Assistance Program (DCAP) provides funding and assistance for Defense Contractors to comply with the DFARS and NIST 800-171 Standards for cybersecurity, as well as prepare for the upcoming CMMC certification. The program provides funding and resources for Maryland companies to comply with the cybersecurity standards. Funded by the Department of Defense’s Office of Local Defense Community Cooperation (OLDCC) through the Maryland Department of Commerce, the program is being coordinated by the MD MEP.
Grant funding is limited and there is waiting list at this time. If you have interest in the program, we recommend submitting an application to the MD MEP Team as soon as possible – contact us to assist!
Program Benefits
- Up to 60% off mitigation costs.
- $2,500 grant funding reimbursement for the CMMC Pre-Assessment.
- Reported $513,402,088 total retained sales and $155,158,419 total increased sales from client recipients.
- Reported total of 3,051 retained jobs and 136 increased jobs from client recipients.
Braxton-Grant’s 3-Step Cyber Assessment
Braxton-Grant is a cybersecurity consulting organization with NIST SP 800-171 Subject Matter Experts to assist in pre-assessments for organizations with DoD contracts.
We have developed a low-cost solution to help companies get compliant quickly and stay compliant without disrupting your budget.
For more information about how this three-step process would work for your company, please call for a free consultation or contact us to schedule a meeting.
