Cybersecurity Review (NIST 800-171)

See how these advisory components fit into the overall service matrix by downloading a one-page PDF here.

For years, DFARS 7012 has been the rule that DOD federal government contractors have had to follow. It is a self-attestation to basic cybersecurity hygiene. A third-party evaluation rule called CMMC has been in the works, but it is not the rule and is constantly changing. It follows the same cybersecurity framework, NIST 800-171. With this engagement, we will review your current cybersecurity posture as it aligns with NIST 800-171. The goal is to create a culture of cybersecurity, not just to be box checkers.

There are 117 practices in NIST 800-171. We will evaluate them all, then prioritize remediation for the 17 foundational items and develop a longer-term plan for the remaining 110 applicable items.

The following items will be reviewed:
• Access Control
• Awareness and Training
• Audit and Accountability
• Configuration Management
• Identification and Authentication
• Incident Response
• Maintenance
• Media Protection
• Physical Protection
• Risk Assessment
• Security Assessment
• System and Communication Protection
• System and Information Integrity

Location: Primarily remote. We recommend one physical site visit if you have an office. This price includes 1 site visit if necessary. Exact travel reimbursement is to be added. $1000 per additional site + travel reimbursement.

Duration: 12-16 weeks, plus 3 months of post-engagement support for continued implementation
Scheduling: A Cybersecurity Review can usually be scheduled and locked in on the calendar within 1-3 weeks, depending on the time of the year. A site visit should occur midway through or later during the engagement.

Deliverable: Hours of industry-leading advice that follows a proven process, very carefully and concisely stated recommendations for your note-taking, with later expansions as necessary.
Implementation Guidance: Up to 3 months involving up to three significant interactions. They are agenda-driven, which means that you’ll keep a log of the questions you have and we’ll address them in a batch. We don’t count email exchanges during those 3 months. (This work is not like that of a coach.)

Participation Requirements: Senior technology personnel or principals gather the required documentation.

The decision-making principal is a participant in each scheduled meeting, approximately 6-8 hours over the course of the engagement. Selected managers and key employees participate based on their roles.

Cost: $10,000 Fee + travel reimbursement for 1 site visit.  $1000 per additional site and travel reimbursement as necessary.

Payment Terms: Prepaid and non-refundable. Via ACH, check or credit card (+3%)

“John has always been an exceptional industry partner with a clear command of information technology, running the spectrum from policy to implementation. He brings both complementary and force-multiplying skills to every initiative we’ve undertaken. A true asset and go-to teammate.”

– Michael Ferritto


Questions?  Are you concerned if something is a fit?

Schedule A Virtual Coffee Session