NIST CSF and SP 800-171

Xacta 360®: Risk management and ongoing security compliance for controlled unclassified information (CUI).

The federal government has mandated that all government contract holders that work with controlled unclassified information (CUI) comply with NIST SP 800-171 as of the beginning of 2018. Further, NIST suggests using its Cybersecurity Framework (CSF) to help organizations manage their 800-171 compliance process.

Now, Telos® introduces an Xacta 360 application purpose-built for NIST CSF and 800-171 compliance.  Using Xacta 360 CSF+171 gives you the tools you need to:

  • Conduct a self-assessment against all of the CUI requirements specified in 800-171
  • Identify all CUI requirements where there is non-compliance
  • Create Action Plans (POA&Ms) for each area of non-compliance
  • Create a System Security Plan (SSP) for your enterprise
  • Maintain 800-171 compliance status and supporting documents over time

NIST CSF and SP 800-171 in Xacta 360:

The Xacta 360 application includes each step of the NIST CSF process for establishing or improving a cybersecurity program.
Xacta 360 supports you in identifying the security requirements for your system according to NIST SP 800-171. By selecting which requirements of the 800-171 regulation are applicable to this assessment, you determine your organization's Target Profile.
Xacta 360 lets you run tests of your current profile to establish a baseline of your security posture.
Xacta 360 questionnaires help you assess your organization’s current cybersecurity posture versus its target posture. In this questionnaire, you’re answering questions in order to generate a Current Tier to be compared with the Target Tier.
Xacta 360 automatically generates the documents you need, when you need them.
The application produces and helps you manage the action plan for tracking and mitigating risks.

Customer Testimonial

“Tracking and managing all fourteen control families and over 100 unique controls of NIST SP 800-171 is a daunting task.  Even for small networks, managing progress by spreadsheet can be overwhelming, if not impossible. Xacta allows me to custom-tailor controls to support our unique business environment.” 

-Rodney N. Arthur, Director of IT, DCX-CHOL Enterprises

  • How does the Xacta 360 CSF+171 application work?

    As is true with other Xacta 360 applications, Xacta 360 CSF+171 works much like tax preparation software, helping you navigate the end-to-end process. You won’t have to spend time interpreting the documents in your security package or figuring out how to implement the underlying processes.

    Users are presented with a series of input screens that collect and organize all of the data needed for the 800-171 gap assessment process.  These screens are organized in a logical manner and prompt the user to answer questions and input the data needed to complete the required 800-171 process.

    The application generates the required documents (SSP and Action Plans) as a byproduct of the process.  You don’t have to generate these documents from scratch at the end of the process.  The application does this for you based on your inputs.

  • Will the Xacta 360 CSF+171 application save me time?

    The application will save you weeks of time interpreting and implementing the process. Smaller organizations with few cybersecurity and IA resources will realize a dramatic benefit.

    The application will save you days and perhaps weeks of time (depending on the size of your environment) establishing your IT asset and cloud resource inventory.

    The recommended requirement implementation language (best practices for achieving each of the various 110 CUI requirements) will also save you weeks of time. This content offers you a solid starting point to work from, which you may also choose to use without modification. In either case the time savings are substantial.

    The document generation process is completely automated. NIST has specified the content and format requirements for the SSP and Action Plans. The application generates these documents, based on user data inputs, in accordance with NIST specifications. This function also saves weeks of time.

On-Demand Webinar

Combatting Audit Fatigue in IT Risk Management

This webinar focuses on issues that arise from having to support multiple compliance regimes and examines ways to harmonize standards that require varying levels of evidence and fidelity. Presented by Steve Horvath, Vice President of Strategy and Cloud for Telos Corporation, and AJ Turcot, Enterprise Account Executive for Telos Corporation, this on-demand webinar offers actionable strategies for combatting IT audit fatigue.
