Cybersecurity Review (NIST 800-171)

See how these advisory components fit into the overall service matrix by downloading a one-page PDF here.

For years, DFARS 7012 has been the rule that DOD Federal Government contractors have had to follow. It is a self-attestation to basic cybersecurity hygiene. A third-party evaluation rule called CMMC has been in the works, but it is not the rule and is constantly changing. It follows the same cybersecurity framework, NIST 800-171. With this engagement, we will review your current cybersecurity posture as it aligns with NIST 800-171. The goal is to create a culture of cybersecurity, not just to be box checkers.

There are 117 practices in NIST 800-171. We will evaluate them all, then prioritize remediation for the 17 foundational items and develop a longer-term plan for the remaining 110 applicable items.

The following items will be reviewed:
• Access Control
• Awareness and Training
• Audit and Accountability
• Configuration Management
• Identification and Authentication
• Incident Response
• Maintenance
• Media Protection
• Physical Protection
• Risk Assessment
• Security Assessment
• System and Communications Protection
• System and Information Integrity

Location: Primarily remote. We recommend one physical site visit if you have an office. This price includes 1 site visit if necessary. Exact travel reimbursement is to be added. $1000 per additional site + travel reimbursement.

Duration: 12-16 weeks, plus 3 months of post-engagement support for continued implementation
Scheduling: A Cybersecurity Review can usually be scheduled and locked in on the calendar within 1-3 weeks, depending on the time of the year. A site visit should occur midway through or later during the engagement.

Deliverable: Hours of industry-leading advice that follows a proven process, very carefully and concisely stated recommendations for your note-taking, with later expansions as necessary.
Implementation Guidance: Up to 3 months involving up to three significant interactions. They are agenda-driven, which means that you’ll keep a log of the questions you have and we’ll address them in a batch. We don’t count email exchanges during those 3 months. (This work is not like that of a coach.)

Participation Requirements: Senior technology personnel or principals gather the required documentation.

A decision-making principal is a participant in each scheduled meeting, approximately 6-8 hours over the course of the engagement. Selected managers and key employees participate based on their roles.

Cost: $10,000 fee + travel reimbursement for 1 site visit. $1000 per additional site and travel reimbursement as necessary.

Payment Terms: Prepaid and non-refundable. Via ACH, check or credit card (+3%)

“John has always been an exceptional industry partner with a clear command of information technology, running the spectrum from policy to implementation. He brings both complementary and force-multiplying skills to every initiative we’ve undertaken. A true asset and go-to teammate.”

– Michael Ferritto

Questions? Are you concerned about whether something is a fit?

Schedule A Virtual Coffee Session