DLGC provides a simplified approach to NIST 800-171, ensuring DFARS and FARS compliance for federal contracts. Through an initial survey to establish scope and two phases to assess compliance, DLGC assists clients with meeting 800-171 requirements.
The first phase facilitates client review of 110 controls cross-referenced to NIST 800-53.
The second phase verifies that existing controls meet NIST 800-53 guidance and documents findings using a standard Plan of Actions and Milestones (POAM), allowing clients to address shortcomings.
- Establish scope
- Phase 1 – Detailed Interview – NIST 800-171 requirements
- Phase 2 – Interview verification / audit
- Document findings
- Document roadmap for compliance
- Combine findings and roadmap into a Plan of Actions and Milestones (POAM)
- Coordinate with federal contracting officer for roadmap and POAM approval
Mitigation Process / Corrective Action Plan (CAP):
- Address “low-hanging fruit”, i.e., findings with simple/quick solutions
- Schedule resources to address project-level actions, e.g., create a system security plan (SSP), conduct a vulnerability assessment, etc.