Skip to the main content.

COMPLIANCE

NIST 800-171 / CMMC

Federal Contractors, Suppliers, and Manufacturers

Contact Us
 

SECURE YOUR DATA AGAINST DATA BREACHES.

To proactively secure data and address the risk of data breaches in your business, both On Time Tech and industry regulators recommend developing a comprehensive cybersecurity program that incorporates steps from the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The critical steps of the NIST framework are to identify threats, protect assets, detect compromises, and plan for a response and recovery in the event of a cybersecurity incident.

IS YOUR CYBERSECURITY FRAMEWORK NIST COMPLIANT?

“It’s really framework first. It’s incredibly important today, in this dynamic threat environment, that organizations build an elastic cybersecurity strategy that can grow and expand continuously to mitigate that risk that they face and the framework does exactly that.”
—Ed Cabrera, Trend Micro Chief Cybersecurity Officer, (NIST Framework as a Foundation)

NIST controls help an organization assess its cybersecurity risk at a high level. By following these steps, organizations will be able to incorporate many risk management elements unique to their business to create a comprehensive cybersecurity program. The first step an organization should take is to identify and assess its risks regarding systems, assets, data, processes and personnel. The protect step encompasses information and system assets, encryption, employee devices and controls, and staff training. The detection step outlines activities such as penetration testing and intrusion that help to identify vulnerabilities to a data breach incident. In the event of a cybersecurity event, a response plan provides for activities to contain the impact, analyze the event and mitigate any further damage. Finally, the recovery step involves maintenance and restoration activities for getting business operations back to normal after an incident.

Valeo-Icon-Graphic-Security (3)

NIST COMPLIANCE FOR GOVERNMENT CONTRACTORS

If you’re a government contractor processing, storing or transmitting federal contract data, the Defense Federal Acquisition Regulation Supplement (DFARS) mandates minimum security standards in the NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.” Companies that deal with controlled unclassified information (CUI) must comply with NIST 800-171, which specifically provides guidance for non-federal information systems to secure government data.

Any company working with federal contract information must provide evidence of security protections and compliance or risk the loss of contract awards and the ability to compete for future awards. Government contractors or subcontractors must demonstrate “adequate security” as specified by NIST 800-171 and have cyber-incident policies and procedures in place that meet the DFARS requirements.

In 2019, Department of Defense (DoD) announced the implementation of the Cybersecurity Maturity Model Certification (CMMC), which ranks contractors based on their cyber hygiene and is based on the NIST 800-171 framework. Beginning in 2020, the CMMC will be a requirement for all DoD contractors to be able to participate in RFIs and bid on RFPs.

The-Capitol-and-Reflecting-Pool-in-Washington-DC. (1) (1)
cloud_img_03

NIST FOR FINANCIAL SERVICES

The Securities Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) also recommend that financial services and banking sectors implement a comprehensive cybersecurity program that includes steps from the NIST Cybersecurity Framework. These regulators recommend following the best practices of annual risk assessment, incident management, annual pen testing, log management, review and retention.

FINRA Compliance

NIST FOR INDUSTRY AND MANUFACTURING

Depending on the manufacturing industry, most businesses need to demonstrate compliance with NIST 800-171, FDA GMP, EPA, ISO or SEC regulations, which require technical controls, pen testing, audits, system validations, electronic signatures and documentation for software and systems involved in processing electronic data. Implementing a comprehensive cybersecurity program using the technical NIST controls will ensure manufacturers keep data secure within their plant operations while meeting compliance regulations.

SCHEDULE AN ASSESSMENT

Red-Ring-Binder-with-Inscription-Compliance-on-Background-of-Working-Table-with-Office-Supplies-Laptop-Reports.-Toned-Illustration.-Business-Concept-on-Blurred-Background.
 

Identify, Monitor, Report

On Time Tech IS NIST COMPLIANT

On Time Tech has been NIST 800-171 compliant since December 2017. Achieving NIST 800-171 compliance requires diving deep into networks and
procedures to make sure appropriate security procedures are properly addressed. On Time Tech continues to evaluate its networks, procedures and process to ensure compliancy.

Contact Us

COMPLIANCE FOR 
EVERY BUSINESS

The NIST Framework uses many of the Top 20 Center for Internet Security (CIS) Critical Security Controls (CSC) as its baseline for its best practice recommendations. The CIS CSC are compatible with various industry-specific regulations such as HIPAA, FISMA and PCI DSS. For any business or industry, large or small, a vulnerability assessment test will help an organization determine compliance with all relevant regulations. On Time Tech provides the security risk assessments and the expertise to meet stringent administrative, technical and physical controls necessary to be both compliant and cyber-secure.

FREE COMPLIANCE CONSULTATION

Handsome-businessman-and-beautiful-businesswoman-using-laptop-together-in-cafe
Asset-2-819x1024

START YOUR JOURNEY

Make your IT matter and start your collaboration with On Time Tech

 

IS On Time Tech CERTIFIED?

HECK YEAH WE ARE



vmwarecert-300x300
LPI_Essentials-300x300
MCSE-e1603732646382
enterprise-ready-300x300
CompTIA_Security_2B-300x300
CompTIA_Project_2B-300x300
CompTIA_Network_2B-300x300
CompTIA_CloudEss-300x300
CompTIA_Cloud_2Bce-300x300
CompTIA_A_2B-300x300
awscloudcert-300x300
cehcert-300x300
ccnpcert-300x300
ccispcert-300x300
connectcert-300x300
PMP-Logo-300x300
rhcert-300x300
vmw-dcv-2020-300x273
vmw-bdg-cert-aso-dig-biz-xform-300x273
itil-v3-300x225