
DIY Policy & Procedures Template

The Policy and Procedures (P&P) template is designed to serve as a basis for developing policies and procedures suitable for your organization and IT network.

 

These P&P are structured to help you achieve compliance with all Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and NIST SP 800-171 requirements. They are organized into sections, each representing one of the 14 requirement families documented within NIST SP 800-171. Each section contains the related family policies, sub-policies, and procedures required to achieve compliance with those specific NIST SP 800-171 requirements. All related NIST SP 800-53 controls are identified and referenced.

 

This template is intended to be used as a guide. Before using it, companies should review each policy and procedure thoroughly and then edit it as appropriate to fit their specific organizational structure and information system design.

 

Companies deriving policies from the P&P template have found it to be more efficient than drafting and coordinating policies from scratch.

 

As delivered, before personalization, the document is 68 pages long.

 

Each policy and sub-policy includes mapping details to the referenced NIST SP 800-171 requirements and NIST SP 800-53 controls.

DIY Incident Response Plan Template

Our Incident Response Plan (IRP) Template is designed to serve as a template for developing an IRP suitable for your organization and IT network. An IRP provides guidance to organizational personnel on how to respond to various types of cybersecurity incidents and greatly improves the likelihood of consistent, productive, and timely response.

 

Solid incident handling procedures, such as an IRP, are required by NIST SP 800-171 requirements 3.6.1, 3.6.2, and 3.6.3 and are therefore necessary for compliance with DFARS 252.204-7012 and NIST SP 800-171.

DIY System Security Plan Template

The System Security Plan (SSP) template is designed to allow companies to efficiently develop one or more SSP(s) by:

 

  • Describing and characterizing their network architecture

  • Identifying governance

  • Establishing system categorization and risk assessments, including identification of relevant security baselines, controls, and overlays

The SSP is designed to include network and interconnection diagrams, policies and procedures, cybersecurity assessments, Plans of Action and Milestones (POA&Ms), and other relevant artifacts.

An SSP is required by NIST SP 800-171 requirement 3.12.4 and is necessary to be compliant with DFARS 252.204-7012 and NIST SP 800-171.
