Achieve cybersecurity compliance and mitigate risk. 

Cyber attacks, hacking, data breaches, viruses—it only takes one to bring down your network and expose proprietary and confidential information. Using a risk management framework, iMpact Utah can help you strengthen your cybersecurity and achieve regulatory compliance for valuable government contracts.

Cybersecurity for Defense Contractors

NIST SP 800-171 for DFARS Compliance

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171

iMpact Utah helps companies implement the NIST SP 800-171 framework and become DFARS compliant.

NIST SP 800-171 are guidelines published by the National Institute of Standards and Technology for the protection of Controlled Unclassified Information (CUI) shared with third-party organizations in the Department of Defense (DoD) supply chain.  

Organizations within the DoD supply chain that handle CUI must follow the recommendations in NIST SP 800-171, in addition to satisfying sections c through g of DFARS 7012. 

There are 110 security requirements of NIST 800-171 organized into 14 families.

  • Access Control
  • Audit & Accountability
  • Incident Response
  • Maintenance
  • Identification & Authentication
  • Media Protection
  • System & Information Integrity
  • Risk Assessment
  • Awareness & Training
  • Personnel Security
  • Configuration Management
  • System & Communications Protections
  • Security Assessment
  • Physical Protection

Ready to implement NIST 800-171? Let’s talk.

Fill out the NIST 800-171 Form.

CMMC Consultation

Achieve CMMC Compliance for Levels 1 & 2

Federal government contracts are excellent for sustaining and growing companies. In order to qualify for a government contract, primary and sub-contractors are required to take measures to protect government information. 

iMpact Utah provides CMMC Registered Practitioner (RP) consulting services that will help you develop a CMMC rated cybersecurity program. 

Our CMMC consulting includes: 

  • Gap analysis
  • Risk mitigation Plan of Action & Milestones (POA&M)
  • Supporting documentation templates 
  • NIST SP 800-171 self-assessment score for Supplier Performance Risk Systems (SPRS)
  • System Security Plan (SSP)
  • Incident Response Plan (IRP)
  • Security awareness and training plan
  • Policies and procedures handbook

Interested in CMMC consultation? Let’s talk.

Fill out the CMMC Consultation Form.

CMMC Pre-Assessment Readiness

Prepare for your Cybersecurity Maturity Model Certification (CMMC)

For CMMC Levels 1 & 2

Following your implementation of CMMC Level 1 or 2, iMpact Utah will provide a pre-assessment prior to booking your CMMC certification. A sample assessment is used to ensure you’re fully prepared to meet the CMMC requirements. 

  • Identify evidence for all practices and processes
  • Collect and organize all objective evidence needed
  • Identify and list all observed gaps in objective evidence
  • Evaluate organization preparedness
  • Perform a pre-assessment readiness check

Interested in a CMMC Pre-Assessment? Let’s talk.

Fill out the CMMC Pre-Assessment Form.

Cybersecurity FAQ

What is CUI? 

CUI stands for Control Unclassified Information. CUI is sensitive but unclassified information and is not intended for the public. 

What is NIST SP 800-171?

NIST, or the National Institute of Standards and Technology, has developed the Special Publication (SP) 800-171 as a set of guidelines derived from NIST SP 800-53 to protect Controlled Unclassified Information (CUI) in nonfederal organizations or systems. Organizations within the Department of Defense (DoD) supply chain that handle CUI must follow the recommendations in NIST SP 800-171, in addition to satisfying sections c through g of DFARS 7012.

What is NIST SP 800-53?

Published by the National Institute of Standards and Technology, the NIST SP 800-53 is a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. The NIST SP 800-171 was derived from this catalog.

What is DFARS?

Defense Federal Acquisition Regulation Supplement (DFARS) is the set of cybersecurity regulations required by the Department of Defense (DoD) for external suppliers and contractors within the DoD supply chain. DFARS was established by the DoD in order to protect sensitive information (CUI) shared with third-party suppliers, contractors, and other DoD partners. 

What is DFARS 7012? (sections c - g)

Sections c through g of DFARS 7012 describe requirements for reporting security incidents that involve the compromise of CUI.

What is CMMC?

The Cybersecurity Maturity Model Certification is a compliance system published by the Department of Defense (DoD) that is used to determine whether an organization meets the levels of security required to work with sensitive information. Companies wishing to be awarded government contracts through DoD will need a CMMC rating and will need to abide by CMMC regulations.

What is CMMC-AB?

The Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB) is a nonprofit organization responsible for certifying professionals and organizations in CMMC standards published by the Department of Defense (DoD).  

What is CMMC RP? 

A CMMC Registered Practitioner (RP) specializes in helping organizations prepare for the CMMC. iMpact Utah’s CMMC consulting services are offered by CMMC RPs.

It's a lot to unpack. We can help. Let's talk.

Fill out the Cybersecurity Form.

Stay in the Loop

Industry knowledge and events, sign up here and we'll go places.

Click Here

Not sure where to begin? Let's simplify.

iMpact Utah offers manufacturers an Organizational Excellence Assessment, on the house. Get a customized improvement plan that clarifies your short and long-term objectives, identifies opportunities and gets you on the path to organizational excellence.

When you're ready to transform, grow, and pivot your business, we'll show you where to start and how to keep going. Explore your options, risk free.

Free Organizational Excellence Assessment

Get a Free Organizational Excellence Assessment of your company.

Click Here