
i2 Compliance Tools Software Products and Templates

i2ACT-800 Software Products

i2ACT-800 Plans, Templates, Guidelines

POLICY & PROCEDURES Template

INCIDENT RESPONSE PLAN Template

SYSTEM SECURITY PLAN Template

i2ACT-800s

The i2ACT-800s product provides tools to assist in assessing compliance with the NIST 800-171r1 requirements as specified in the DFARS Subparts 204.73 and 239.76 and contains all 110 requirements and the 125 referenced controls from NIST 800-53r4.  

  • The tool is ideal for small to medium businesses, subcontractors and supply chain vendors who are required to comply with DFARS 252.204-7012 and NIST 800-171 only

  • Provides for documenting compliance and allows for inclusion of vulnerability scans and other artifacts into the assessment database

  • Reporting features such as assessment worksheets, compliance status, remediation actions and the ability to export to spreadsheet format

  • Intuitive user interface requiring little or no training

  • Includes the NIST 800-171A assessment guidance, the NIST Handbook 162 guidance for NIST 800-171, and the NIST 800-53A guidance for the referenced NIST 800-53 controls to assist the user in their compliance effort

  • Updated as regulations and requirements change
     


i2ACT-800 PRO

The i2ACT-800 PRO product includes all the tools and features from the i2ACT-800s for NIST 800-171r1 for DFARS Subparts 204.73 and 239.76.  It additionally provides support for all NIST 800-53r4 controls and standards based on NIST 800-53r4, DSS AAPM, FIPS, ICS, and ICNSS 1253.

  • Provides standards, guidelines and practices from NIST 800-53r4, 800-53Ar4, 800-171r1, 800-171Ar1, the NIST Handbook 162, DSS AAPM, FIPS, ICS and ICNSS 1253

  • Includes baselines and overlays for the NIST 800-53r4 controls for the various standards

  • Allows for risk management tailoring of FIPS and ICNSS 1253 control sets

  • Allows the user to tailor a new baseline, add it to the library of baselines, and share it with satellite locations or subcontractors and supply chain vendors

  • Reporting features such as assessment worksheets, compliance status, remediation actions and the ability to export to spreadsheet format

  • Provides for documenting compliance and allows for inclusion of vulnerability scans and other artifacts into the assessment database

  • Intuitive user interface requiring little or no training

  • Includes the NIST 800-53A guidance for the referenced NIST 800-53 controls, the NIST 800-171A assessment guidance, and the NIST Handbook 162 guidance for NIST 800-171 to assist the user in their compliance effort

  • Updated as regulations and requirements change


Policy & Procedures Template

The Policy and Procedures (P&P) template is designed to serve as a template for developing Policies and Procedures (P&P) suitable for your organization and IT network.

 

These P&P are structured to help you achieve compliance with all Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and NIST SP 800-171 requirements, and are organized into sections, each representing one of the 14 requirements families documented within NIST SP 800-171. Each section contains the related family policies, sub-policies, and procedures required to achieve compliance with those specific NIST SP 800-171 requirements. All related NIST SP 800-53 controls are identified and referenced.

 

This template is intended to be used as a guide. Before using, companies should review each policy and procedure thoroughly and then edit as appropriate to fit their specific organizational structure and information system design.

 

Companies deriving policies from the P&P template have found it to be more efficient than drafting and coordinating policies from scratch.

 

The document upon delivery, before personalization, is 68 pages long.

 

Each policy/sub policy offers mapping details to referenced 800-171 requirements and 800-53 controls.


Incident Response Plan Template

Our Incident Response Plan (IRP) Template is designed to serve as a template for developing an IRP suitable for your organization and IT network. An IRP provides guidance to organizational personnel on how to respond to various types of cybersecurity incidents and greatly improves the likelihood of consistent, productive, and timely response.

 

Solid incident handling procedures, such as an IRP, are required by NIST SP 800-171 requirements 3.6.1, 3.6.2, and 3.6.3 and are, thus, necessary to be compliant with DFARS 252.204-7012 and NIST SP 800-171.


System Security Plan Template

The System Security Plan (SSP) template is designed to allow companies to efficiently develop one or more SSP(s) by:

 

  • Describing and characterizing their network architecture

  • Identifying governance

  • Establishing system categorization and risk assessments, to include identification of relevant security baselines, controls and overlays


i2ACT Rollup Tool


Product description:

 

The i2ACT Rollup tool is an effective and affordable Supply Chain solution.

 

The i2ACT Rollup Tool enables organizations to take extracts of i2ACT-800 assessments from multiple associated organizations, subcontractors and suppliers and aggregate (or “roll up”) their collective data into one whole for cybersecurity compliance verification, broad evaluation, analysis and collective reporting.  The Rollup Tool provides:

 

  • Consistent data/information

  • Standard formatting

  • Digital information exchange

  • Support throughout the process

  • A solution for recurring supply chain risk assessment

 

The tool provides a method for managing the supply chain and their respective cybersecurity requirements.  Some examples of the tool’s value are:

  • Prime contractors (in particular Department of Defense prime contractors) must perform due diligence to accept and manage subcontractors and suppliers and their DFARS and NIST 800-171 cybersecurity compliance.  The tool allows a prime contractor to roll up assessment and compliance data from subordinate organizations who utilized the i2ACT assessment tool at any time.  This is vital since DFARS flowdown clauses make prime contractors liable if any subcontractors or suppliers with whom they share Controlled Unclassified Information fail to properly protect that information.

  • Prime contractors have the ability to provide aggregate reporting on all of their suppliers and subcontractors to their Contracting Officers, if requested.

  • An organization could aggregate data from multiple assessments they’ve done over a period of time and analyze them for trends, compliance progress, problem areas, etc.

  • A group of partner companies could utilize this capability to ensure that each company is positively impacting their joint cybersecurity posture under the truism that, in security, you are only as strong as your weakest link.

 

In any usage, the Rollup tool allows an organization to aggregate information and review it on a broad scale, providing key insights into specific or collective security concerns.
