Federal government contractors, especially those that sell into the DoD, face a challenging environment. This is especially true for the small to mid-sized contractors, who are squeezed between giant competitors and the need to meet stringent federal regulations for cyber security.
Initially it was DFARS and NIST SP 800-171, and now many contractors must comply with the DoD's new Cybersecurity Maturity Model Certification (CMMC).
It's hard to keep up, but Ntiva has designed cost-effective solutions with the goal of helping Primes and their subs achieve compliance quickly, in order to compete successfully while meeting their regulatory requirements.
Cyber security services are a focal point of our managed IT services work with federal contractors, and we routinely deploy the safeguards needed to comply with NIST, DFARS and CMMC including:
The first step is to conduct a detailed assessment of your current environment. A system security plan (SSP) will be created to document the security measures that need to be put in place, and a Plan of Action and Milestones (POA&M) will outline the action items needed to reach compliance.
The next step is to address the items called out in the POA&M. This could be as simple as implementing a few minor changes, or as complex as doing an overhaul on outdated systems.
Finally, ongoing cyber security monitoring and incident response can be provided by Ntiva. Cyber incidents must be reported to the DoD within 72 hours, and all systems and controls must be constantly assessed and maintained to remain compliant.
A Rosslyn, VA-based defense contractor began facing pressure from its primary client to provide evidence of compliance with DFARS and NIST SP 800-171. Their contracts were at risk, and they looked to Ntiva for help providing a response on short notice.
We stepped in quickly to gather information and developed a System Security Plan (SSP) followed by a detailed plan of action (POA&M).
New security measures were implemented, including a log management and auditing solution monitored by our 24x7 Security Operations Center (SOC).
They went from concern about contracts in jeopardy to a strong plan and rapid progress toward NIST alignment in just 8 weeks - a great start for CMMC compliance as well.
In order to become CMMC Level 3 certified, contractors will need NIST SP 800-171 Rev 1 as a baseline, so this contractor is well positioned to start the process.
When it comes to both NIST and CMMC compliance, there are no cookie-cutter solutions. We tailor our compliance projects to the client’s business, budget, and compliance requirements, based on the levels they want to achieve.
Ntiva continues to provide Managed IT Services for this client, in order to relieve their internal IT team of daily maintenance tasks that were preventing them from focusing on more important projects.
Client referral available on request.
Founded in 2004, Ntiva has grown to service more than 1000 clients from many different industries. We know how difficult it is for businesses to keep up with fast-changing technology, not to mention escalating cyber threats.
Over the years we’ve listened to our clients’ needs and have specialized in helping them comply with increasingly strict security regulations, which are starting to affect almost all industries.
This includes helping DoD contractors and their primes navigate the complexities and financial hurdles of DFARS, CMMC and NIST 800-171, along with other managed IT services as required.