Achieving & Sustaining NIST 800-171 Compliance for a Government Contractor

THE CHALLENGE

Achieving National Institute of Standards and Technology (NIST) Compliance

A growing government contractor in Ghana had a small in-house IT team that had always provided excellent support. However, as the business expanded, the team became overwhelmed by day-to-day support requests. They no longer had time for the strategic projects needed to help the business compete, nor could they keep up with constantly changing regulatory compliance requirements.
Outdated software and hardware were becoming a security concern, and maintaining them cost the firm unnecessary IT spend.
Moreover, no one was completely sure that they were still NIST 800-171 compliant, a top priority for any government contractor that wants to keep its Federal contracts.

THE SOLUTION

National Institute of Standards and Technology (NIST) Risk Assessment and Gap Analysis

Oceancyber was called in to perform a one-time audit of their existing IT infrastructure and operations, including a NIST risk assessment and gap analysis to triage, observe and treat gaps in their current approach. After a deep-dive investigation, the primary recommendation was to replace their data centre. Eliminating outdated hardware and software through server consolidation and virtualization dramatically lowered maintenance costs and decreased their exposure to attacks.
Comprehensive coaching on maintaining the new data centre operations was delivered to the current IT staff, together with detailed documentation. A complete System Security Plan (SSP) was created, documenting in detail all the security measures to be put in place to achieve NIST compliance, together with a Plan of Action and Milestones (POA&M), which outlined the action items that needed to be completed.
One of the critical missing parts was a compliant data backup and disaster recovery solution. Oceancyber quickly implemented an up-to-date solution, not only with an eye to federal government requirements but also to ensure business continuity.

THE IMPACT

Outsourcing National Institute of Standards and Technology (NIST) Compliance Takes Burden Off In-House IT Team

Although the contractor was now in a solid position to manage ongoing IT operations confidently, they knew they still wanted extra help to remediate all the outstanding issues identified. They also decided it was beneficial to outsource ongoing cyber security monitoring and incident response to remain NIST 800-171 compliant. Their small in-house team did not have the resources to take on crucial cyber security tasks.
For this contractor, it was the right move to outsource strategic initiatives to a qualified third party for the much-needed expertise.