Xacta 360®: Risk management and ongoing security compliance for controlled unclassified information (CUI).
The federal government has mandated that all government contract holders that work with controlled unclassified information (CUI) comply with NIST SP 800-171 as of the beginning of 2018. Further, NIST suggests using its Cybersecurity Framework (CSF) to help organizations manage their 800-171 compliance process.
Now, Telos® introduces an Xacta 360 application purpose-built for NIST CSF and 800-171 compliance. Using Xacta 360 CSF+171 gives you the tools you need to:
Conduct a self-assessment against all of the CUI requirements specified in 800-171
Identify all CUI requirements where there is non-compliance
Create Action Plans (POA&Ms) for each area of non-compliance
Create a System Security Plan (SSP) for your enterprise
Maintain 800-171 compliance status and supporting documents over time
NIST CSF and SP 800-171 in Xacta 360:
“Tracking and managing all fourteen control families and over 100 unique controls of NIST SP 800-171 is a daunting task. Even for small networks, managing progress by spreadsheet can be overwhelming, if not impossible. Xacta allows me to custom-tailor controls to support our unique business environment.”
-Rodney N. Arthur, Director of IT, DCX-CHOL Enterprises
As is true with other Xacta 360 applications, Xacta 360 CSF+171 works much like tax preparation software, helping you navigate the end-to-end process. You won’t have to spend time interpreting the documents in your security package or figuring out how to implement the underlying processes.
Users are presented with a series of input screens that collect and organize all of the data needed for the 800-171 gap assessment process. These screens are organized in a logical manner and prompt the user to answer questions and input the data needed to complete the required 800-171 process.
The application generates the required documents (SSP and Action Plans) as a byproduct of the process. You don’t have to generate these documents from scratch at the end of the process. The application does this for you based on your inputs.
The application will save you weeks of time interpreting and implementing the process. Smaller organizations with few cybersecurity and IA resources will realize a dramatic benefit.
The application will save you days and perhaps weeks of time (depending on the size of your environment) establishing your IT asset and cloud resource inventory.
The recommended requirement implementation language (best practices for achieving each of the various 110 CUI requirements) will also save you weeks of time. This content offers you a solid starting point to work from, which you may also choose to use without modification. In either case the time savings are substantial.
The document generation process is completely automated. NIST has specified the content and format requirements for the SSP and Action Plans. The application generates these documents, based on user data inputs, in accordance with NIST specifications. This function also saves weeks of time.
Threat-informed risk management and continuous compliance.
Combatting Audit Fatigue in IT Risk Management
This webinar focuses on issues that arise from having to support multiple compliance regimes and examines ways to harmonize standards that require varying levels of evidence and fidelity. Presented by Steve Horvath, Vice President of Strategy and Cloud for Telos Corporation, and AJ Turcot, Enterprise Account Executive for Telos Corporation, this on-demand webinar offers actionable strategies for combatting IT audit fatigue.