(719) 785-0320


Colorado Springs, CO © 2018 Imprimis, Inc.         

Imprimis started the development of the Imprimis Inc. (i2) Assessment and Compliance Tool (ACT) for the NIST Special Publication (SP) 800 standards in 2010; the tool has gone through a number of releases and continues to evolve. The tool is named i2 ACT-800 (Imprimis Inc. Assessment and Compliance Tool), where the 800 refers to the NIST 800 Special Publication series of standards. The current release is version 3.6.1, and several major enhancements are underway for version 4.0, which is under development. Additionally, Imprimis is preparing for the inclusion of the new CMMC (Cybersecurity Maturity Model Certification) being developed by DoD. Designs and schedules will be finalized once the final version of CMMC is known.

 

There are multiple versions of the i2ACT-800. The i2 ACT-800 Pro contains all the controls from the NIST 800-53 catalog of controls, NIST 800-171, DAAPM, and CNSSI 1253, and contains over 50 preconfigured baselines. The second tool is the i2 ACT-800s, which is dedicated to the NIST 800-171 standard required by the DFARS 204.73 regulations. Imprimis also developed a rollup tool to allow the viewing and analysis of up to 100 separate assessments at any time.

 

The tools operate easily on laptops or desktops. The tool is built on Microsoft Access but can run with SQL Server if required. The runtime version is used where possible so that no special software requirements are imposed on the user. In addition, the tool is available in 2016 MSI (Microsoft Installer) 32-bit and 64-bit versions, and 2019 and Office 365 CTR (Microsoft Click to Run) in both 32- and 64-bit versions.

Originally, the i2ACT-800 was developed as a productivity tool to reduce the time required for assessments. It was very successful at streamlining the process and minimizing labor. But the tool has evolved, resulting in three major benefits:

  1. Productivity Enhancement: The tool speeds the process and allows collaboration with multiple staff members, so assessments take a fraction of the time they previously did;

  2. Learning and Training: The tool contains many references and explanations of the cybersecurity requirements which allows first-time assessors to spin up in much less time and work with far greater accuracy, and allows experienced assessors to increase the depth of their knowledge; and

  3. Document Management System: Assessing and demonstrating compliance requires a great deal of record keeping, from policies and procedures to screenshots of settings, scans, logs, and other sources of information that demonstrate compliance. All such documents are contained permanently in the database in a logical, easily accessed file system for auditors, future assessments, and training.

i2ACT-800s

The i2ACT-800s is an easy-to-use compliance tool that allows selection of the appropriate subset of standards and provides the documentation that supports how compliance will be met and how it will be remediated if not fully satisfied. The tool greatly decreases the amount of time and resources required to ensure compliance. This tool complies with Subparts 204.73 and 239.76, and contains all 110 requirements and the 125 referenced controls from NIST 800-53.

Features Include:

  • Ideal for small businesses and subcontractors who have to comply with NIST 800-171 only

  • Puts the entire standard in a searchable database at the user's fingertips

  • Provides traceability and long-term trend analysis

  • Incorporates vulnerability scans & other attachments into database

  • Intuitive user interface requiring little to no training

  • Provides Intent & Suggested Evidence to support user

  • User training supported via manuals, videos, webcast, etc.

  • Develops and prints reports

  • Produces a POA&M

  • Updates as regulations change

  • User Group

  • Ticketing System

 

i2ACT-800 PRO

The i2ACT-800 PRO is an easy-to-use compliance tool that allows selection of the appropriate subset of standards and provides the documentation that supports how compliance will be met and how it will be remediated if not fully satisfied. The tool greatly decreases the amount of time and resources required to ensure compliance. This tool complies with DFARS Subparts 204.73 and 239.76 and contains all 970 NIST 800-53 controls, enhancements, and NIST 800-53A.

Features Include:

  • Provides standards, guidelines, and practices from NIST (800-53, 800-171), DFARS, DSS-AAPM, FIPS, ICS & CNSS 1253

  • Allows users to tailor their own baseline, add it to the library of baselines, and share the baseline with satellite locations or subcontractors

  • Puts the entire standard in a searchable database at the user's fingertips

  • Determines which regulations apply – select baseline and easily tailor

  • Provides traceability and long-term trend analysis

  • Incorporates vulnerability scans & other attachments into database

  • Intuitive user interface requiring little to no training

  • Provides Intent & Suggested Evidence to support user

  • User training supported via manuals, videos, webcast, etc.

  • Develops and prints reports

  • Produces a POA&M (Plan of Action & Milestones)

  • Updates as regulations change

  • User Group

  • Ticketing System

 

Policy & Procedures Template

The Policy and Procedures (P&P) template is designed to serve as a template for developing Policies and Procedures (P&P) suitable for your organization and IT network.

 

These P&P are structured to help you achieve compliance with all Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and NIST SP 800-171 requirements, and are organized into sections, each representing one of the 14 requirements families documented within NIST SP 800-171. Each section contains the related family policies, sub-policies, and procedures required to achieve compliance with those specific NIST SP 800-171 requirements. All related NIST SP 800-53 controls are identified and referenced.

 

This template is intended to be used as a guide. Before using, companies should review each policy and procedure thoroughly and then edit as appropriate to fit their specific organizational structure and information system design.

 

Companies deriving policies from the P&P template have found it to be more efficient than drafting and coordinating policies from scratch.

 

The document upon delivery, before personalization, is 68 pages long.

 

Each policy/sub-policy offers mapping details to referenced 800-171 requirements and 800-53 controls.

 

Incident Response Plan Template

Our Incident Response Plan (IRP) Template is designed to serve as a template for developing an IRP suitable for your organization and IT network. An IRP provides guidance to organizational personnel on how to respond to various types of cybersecurity incidents and greatly improves the likelihood of consistent, productive, and timely response.

 

Solid incident handling procedures, such as an IRP, are required by NIST SP 800-171 requirements 3.6.1, 3.6.2, and 3.6.3 and are, thus, necessary to be compliant with DFARS 252.204-7012 and NIST SP 800-171.

System Security Plan Template

The System Security Plan (SSP) template is designed to allow companies to efficiently develop one or more SSPs. It walks customers through:

 

  • Describing and characterizing their system

  • Identifying governance

  • System categorization and risk assessment, including identification of relevant security baselines, controls, or overlays

 

The SSP acts as a foundation to which to attach network and interconnection diagrams, 800-171 Policy & Procedures, cybersecurity assessments, and plans of action and milestones (POA&Ms).

 

An SSP is required by NIST SP 800-171 requirement 3.12.4 and is, thus, necessary to be compliant with DFARS 252.204-7012 and NIST SP 800-171.

 

i2ACT Rollup Tool

Product description:

 

The i2ACT Rollup tool is an effective and affordable Supply Chain solution.

 

The i2ACT Rollup Tool enables organizations to take extracts of i2ACT-800 assessments from multiple associated organizations, subcontractors and suppliers and aggregate (or “roll up”) their collective data into one whole for cybersecurity compliance verification, broad evaluation, analysis and collective reporting.  The Rollup Tool provides:

 

  • Consistent data/information

  • Standard formatting

  • Digital information exchange

  • Support throughout the process

  • A solution for recurring supply chain risk assessment

 

The tool provides a method for managing the supply chain and their respective cybersecurity requirements.  Some examples of the tool’s value are:

  • Prime contractors (in particular Department of Defense prime contractors) must perform due diligence to accept and manage subcontractors and suppliers and their DFARS and NIST 800-171 cybersecurity compliance. The tool allows a prime contractor to roll up assessment and compliance data from subordinate organizations who utilized the i2ACT assessment tool at any time. This is vital since DFARS flowdown clauses make prime contractors liable if any subcontractors or suppliers with whom they share Controlled Unclassified Information fail to properly protect that information.

  • Prime contractors have the ability to provide aggregate reporting on all of their suppliers and subcontractors to their Contracting Officers, if requested.

  • An organization could aggregate data from multiple assessments they’ve done over a period of time and analyze them for trends, compliance progress, problem areas, etc.

  • A group of partner companies could utilize this capability to ensure that each company is positively impacting their joint cybersecurity posture under the truism that, in security, you are only as strong as your weakest link.

 

In any usage, the Rollup tool allows an organization to aggregate information and review it on a broad scale, providing key insights into specific or collective security concerns.