Our Process

1. Assessment/SSP/POAM
We perform a detailed assessment of your current network and compare this with the cyber security controls required in NIST SP 800-171. We then prepare an SSP and POAM so that you can provide documented evidence to the DoD or your Prime that you’re on your way towards compliance. This step then serves as the basis for creation of the remediation plan.

2. Remediation
In this step the items called out in the POAM need to be addressed. Depending on the current state of your IT systems, this can be as simple as implementing multi-factor authentication and security awareness training or as complex as refreshing an entire aging infrastructure.

3. Compliance Monitoring & Maintenance
Ongoing advanced cybersecurity monitoring and incident response capabilities are required to remain compliant. If a cyber incident occurs you must notify the DoD through the DIBNet Portal (https://dibnet.dod.mil/portal/intranet/) within 72 hours. You must also constantly assess and maintain the NIST 800-171 controls over time as systems change and fall out of alignment.