Case Study

Government Contractor

Achieving & Maintaining NIST 800-171 Compliance

The Challenge

A growing government contractor in the Washington DC area had a small in-house IT team who had always provided excellent support. However, they were starting to be overwhelmed by day-to-day support requests as the business expanded.

This meant that they no longer had the time to tackle the strategic projects that were necessary to help the business compete, nor did they have the time to keep up with constantly changing requirements for regulatory compliance.

Outdated software and hardware were starting to be a concern from a security point of view, not to mention it was costing the firm unnecessary IT dollars to maintain.

Worse, no one was completely sure that they were still NIST 800-171 compliant, a top priority for any government contractor that wants to maintain their Federal contracts!

The Solution

Ntiva was called in to do to a one-time audit of their existing IT infrastructure and operations, including a NIST risk assessment in order to triage, track and treat gaps in their current approach.

After a deep dive investigation, the first recommendation was to update their data center. Eliminating outdated hardware and software via server consolidation and virtualization not only dramatically lowered maintenance costs but reduced their exposure to attacks.

Comprehensive training on how to maintain the new data center operations was delivered to the existing IT staff, along with detailed documentation.

A complete System Security Plan (SSP) was created, documenting in detail all of the necessary security measures that needed to be put in place to achieve NIST compliance, along with a Plan of Action and Milestones (POA&M) which outlined the action items that needed to be done.

One of the key missing elements was a compliant data backup and disaster recovery solution. Ntiva proposed and quickly implemented an up-to-date solution to ensure that this glaring omission was rectified quickly, not only with an eye to federal government requirements but to ensure business continuity.

The Impact

Even though the contractor was in a solid place to manage ongoing IT operations with confidence, they knew they still needed extra help to remediate all the outstanding issues that were called out in the POA&M. They also realized that it was to their benefit to outsource ongoing cyber security monitoring and incident response in order to maintain compliance, as they simply did not have the resources on staff to accomplish this.

Taking advantage of Ntiva Managed Cyber Security Services helped relieve the worry and burden of maintaining NIST 800-171 compliance for this growing government contractor!

Learn More