i2 NIST 800-171 | NIST 800-53 EXPRESS PACKAGES

 

Based upon Imprimis, Inc.’s experience in the cybersecurity compliance field; and the need of Department of Defense contractors to quickly have completed NIST 800-171 assessments, Plans of Actions and Milestones (POA&M), System Security Plans (SSP) and supporting Policies and Procedures (P&P); Imprimis has developed compliance packages to achieve those goals quickly while minimizing the expense.

These packages take into consideration accepted cybersecurity principles and “Best Practices” that can greatly reduce remediation costs and time it takes to reach compliance.  These compliance milestones allow DoD contractors to be eligible to compete for and retain contracts in as little as 1 month!

express-logo_edited.png

PLAN OF ACTIONS AND MILESTONES (POA&M) EXPRESS PACKAGE

The POA&M Package was developed by Imprimis so that remediation tasks and actions identified as needed during the assessment can quickly be included and scheduled in the POA&M and inserted into a Microsoft Project worksheet. 

These tasks collectively define the plan that will support the client to move from the current configuration to a fully compliant state.

  • Provide the customer a tailored POA&M which will include all remediation activities which need to be completed for full compliance

  • If requested, Imprimis will lead facilitated meetings with customer to define options, including cost and implementation lead times, to achieve the final schedule for all tasks.

  • The customer will make decisions on key elements which include network changes required, key technology/system selections such as multi-factor authentication, backup, monitoring and scanning selections, and will make the final decisions on schedule based on the customer’s needs and resources available.

 

DELIVERABLES

  • Customer POA&M in MS Project or Excel (can apply to open source project management tools)

Picture1.png

I2ACT NIST 800-171 SYSTEMS SECURITY PLAN (SSP) EXPRESS PACKAGE

Utilizing the I2ACT SSP Template and working closely with the customer, a NIST 800-171r1 and DFARS compliant SSP will be developed as follows:

  • System definition including diagrams and hardware/software inventories

  • Identification of the customer’s management organization with responsibility for the protecting the business, Information Technology, and controlled Unclassified Information (CUI) 

  • Risk analysis/assessment

  • Inclusion of the most current NIST 800-171 assessment

  • Recommended inclusion of the customer’s Policies and Procedures and POA&M (If any controls are noncompliant, the POA&M is a required component of the SSP.)

 

DELIVERABLES
 

  • Draft customer SSP

Picture1.png

I2ACT NIST 800-171 POLICIES & PROCEDURES (P&P) EXPRESS PACKAGE

More than 100 of the 110 requirements in NIST 800-171 call for governing policies and procedures.  The Imprimis P&P document addresses this need and is designed to be adopted “as is” and will require no changes.  This package provides direct mapping of NIST 800-171r1 requirements to the policies and procedures a company needs to implement to be compliant  with the added benefit of saving money and resources typically incurred when developing P&P’s.   Of course, the customer can modify or adjust the P&P at any time as they see fit.  

 

A training briefing and video are included with this package, so all employees can immediately be trained on the adopted P&P.

 

Policies and Procedures Package includes:

  • Two separate documents – a Policy document and a Procedure document which allows for easy future additions/deletions

  • Facilitated review of the P&P package with the customer as  

  • Incorporation of minor changes after customer review if necessary

  • Assistance with customer’s approval process for P&P adoption

  • Overview of the training briefing and video

  • A draft Incident Response Plan (IRP)

 

Note: This P&P Package does not include completely customized P&P preparation, re-writing of existing customer policies and procedures, or actual training of employees.

 

DELIVERABLES

  • Final tailored P&P package

Picture1.png

I2ACT NIST 800-171 & NIST 800-53 DSS DAAPM INCIDENT RESPONSE PLAN (IRP) EXPRESS

The purpose of the Incident Response Plan (IRP) is to plan, implement, and maintain a robust incident-handling capability for organizational information and operational systems.  This capability includes preparation, detection, analysis, containment, recovery, and user response activities.   The IRP Package will be prepared working jointly with client,  taking into account their existing corporate culture, processes and IT knowledge base and will provide the:
 

  • Establishment of the Cyber Incident Response Team (CIRT) which includes corporate management, the Chief Information Security Officer (CISO) and IT management and staff.

  • Definition of the process for responding to incidences.

  • Determination of the appropriate documentation and reporting to be included with incident responses.

 

Once the IRP is in place, the client will be responsible for training their management and staff on incident response and developing mock incident response exercises multiple times per year.
 
Deliverable:
 
Final tailored Incident Response Plan

Picture1.png