NIST SP 800-171 for CSPs
Cloud service providers (CSPs) undertaking FedRAMP® or DoD SRG cloud security authorization to win federal business must also comply with the applicable FAR and DFARS cybersecurity requirements, including NIST SP 800-171, which is superseded by FedRAMP, DoD SRG requirements, and other agency cloud security requirements in almost all cases. As the largest cloud security assessor, we have extensive experience assessing cloud environments against FedRAMP, DoD SRG, and other cybersecurity requirements and are well-equipped to support CSPs navigating cybersecurity contract obligations during their quest for authorization.
NIST SP 800-171 for higher education
Higher education institutions process, administer, and distribute federal financial aid information; receive federal grant awards for research; and may bid on federal contract opportunities for services. Higher education institutions are thus often subject to FAR, DFARS, or Department of Education (ED) cybersecurity contract obligations that require them to implement NIST SP 800-171 controls and comply with specific cybersecurity requirements imposed by the relevant agency. We have worked closely with higher education institutions on NIST SP 800-171 implementation and FAR, DFARS, and ED cybersecurity rule compliance since the publication of the relevant requirements, and have supported higher education institutions with a variety of compliance needs since our inception.
NIST assessment and support from Coalfire
We provide advisory and assessment services designed to help you navigate the entire compliance process for the FAR and DFARS cybersecurity contract obligations and successfully respond to your specific needs. Our services in this space include:
- NIST SP 800-171 advisory
- Scoping and gap analysis support for organizations and in-scope information systems
- Generation of advisory opinions to support scoping rationale and compliance determinations
- Implementation support for applicable security controls and contract obligations
- Documentation development support, including system security plan (SSP) and plan of action and milestones (POA&M) preparation
- NIST SP 800-171 assessment
- Assessment of security controls
- Assessment and evaluation of overall compliance with cybersecurity contract obligations
- POA&M validation and monitoring
- Compliance recommendation for organizations and in-scope information systems
- Continuous compliance monitoring