Being a contractor with the U.S. Department of Defense, the client sought to meet their DFARS 252.204-7012, 252.204-7019, and DFARS 252.204-7020 cybersecurity requirements. The client had a relatively complex environment consisting of cloud-based servers, Windows endpoints, and Mac Endpoints.
What We did
We performed a security assessment against the NIST SP 800-171 framework of security controls and calculated the client’s summary level or SPRS score. We then created the client’s system security plan and their plan of action and milestones document.
The next step was to create all of the policies and procedures needed to meet NIST SP 800-171 requirements. This included creating the information security policy, incident response plan, CUI handling procedures, configuration management plan, and various forms such as system access request forms and visitor sign in sheets. After creating the policies, they were reviewed and approved by the client’s executive management. We also setup an issue tracker to document all work and configuration changes.
Next, we configured the client’s Microsoft 365 environment to meet NIST SP 800-171 requirements using the guidance recommended by the center for internet security. This ensured that the appropriate file labelling, sharing restrictions, auditing, and access control settings were all in place. The Microsoft 365 environment was now sufficiently secured so as to store CUI.
Next, using Microsoft Endpoint Manager we created configuration profiles for Windows, Mac, Android, and iOS devices and incrementally deployed them to all endpoints. We adjusted the profile settings as required to meet the client’s operation requirements while maintaining compliance.
The Result
The customer was able to satisfy their DFARS related NIST SP 800-171 requirements and prepare for their upcoming CMMC certification.
About the Customer
The core of nVision is product development for real-time electronic systems for military, law enforcement, and civilian application. They are subject matter experts in laser rangefinders, wind measurement systems, signal processing, and more.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.