Don't second guess. Go with experience.

This event has passed

NIST Program – CUI-WISP and DIY NIST 800-171 Compliance Course January 2019

CyberDefenses Academy


Available Upon Request - Contact us to request this course, or join the waitlist to be emailed when this product becomes available


January 9 - 10


Round Rock, Texas Training Facility

Delivery Method



Certification of Completion

Audience / Level





Laptop required

Course Details

Program Introduction

CyberDefenses’ comprehensive NIST Program includes the 2-day DIY NIST 800-171 Compliance Course and the complete CUI Written Information Security Program Policy Bundle at an affordable price. This bundle provides what you need to become educated about the NIST requirements and the policies you need to get started on implementation.

The CyberDefenses Do It Yourself program provides the industry’s only comprehensive toolkit that is setup to train you and give you the resources to do the assessment and to implement all of the required policies in your organization. The classes are led by CyberDefenses experts who have performed assessments of CyberDefenses clients and the policy packages are provided to expedite your compliance needs.

Controlled Unclassified Information – Written Information Security Program (CUI-WISP)

CyberDefenses provides managed security services including consulting, network operations and policy programs for compliance documentation. The NIST 800-171 policy program consists of a tailored Controlled Unclassified Information (CUI) Written Information Security Program (CUI-WISP) addressing CUI compliance requirements. The CUI-WISP policy program includes thirty policy documents expected by many DoD and federal contracting officers.

This policy program contains policy and planning templates designed to fully implement NIST 800-171 requirements within your organization. The program is unique in the industry; it is designed specifically to address CUI requirements as opposed to a general-purpose program retrofitted from larger, federal organization focused requirements.

The CUI focused templates are modeled upon FedRAMP requirements as indicated by DFARS. Users will update and customize these policy templates for their own environment. The policy program consists of Microsoft Word (.docx) and Microsoft Excel (.xlsx) files to facilitate template customization.

Standard licensing requires a separate policy program be purchased for each company that implements the policy program within their organization. Consultant pricing is available for use with multiple companies, please contact CyberDefenses for alternate licensing.

DIY NIST 800-171 Compliance Course

Controlled Unclassified Information (CUI) is at risk and the US Government is getting serious about protecting it. All contractors and sub-contractors that are in the business of providing goods and services to the government need to get serious too. Starting with Executive Order 13556 in 2010 and emphasized with the 2014 Federal Information Security Modernization Act (FISMA Reform) the government recognized problems in the supply chain that place Controlled Unclassified Information (CUI) at risk.

NIST Special Publication 800-171 r1 (December 2016) addresses these risks with 14 information security families and 110 information security controls that draw heavily from NIST 800-53. The Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) now imbed mandatory information security requirements directly into contracts with critical compliance dates as early as December 2017.

Join CyberDefenses to review these new federal requirements, discuss approaches to completing the initial assessment, address requirements and achieve compliance. Includes hands-on exercises on how to do the assessment, as well as providing students with needed templates for the required Plan of Actions & Milestones (POA&M) and the Self Attestation Documents.

Course Objectives

In this course, you will learn about the high level requirements outlined in the NIST Special Publication 800-171. This course will prepare you to perform an assessment to determine whether your organization is compliant and provide you with the templates and tools required to complete it.

Target Student

This course is intended for IT practitioners, business owners and/or project managers with basic IT knowledge that are charged with understanding the impact of NIST 800-171 on their business.


Dave Gray
Dave Gray is a CISSP, CAP and PMP certified CyberSecurity Leader skilled in securing information systems to achieve information Confidentiality, Integrity and Availability.Learn more about Dave Gray
Brian Engle
Brian’s information security career stretches back to 1997 as an Engineering Manager after which Brian’s technical and leadership abilities saw him rise from Senior Information Security Manager to Chief Information Security Officer, first in the private sector and then in successive positions in state government culminating as CISO for the State of Texas.Learn more about Brian Engle

Additional Information

None at this time.

Course Outline

  • Part 1 includes understanding what Controlled Unclassified Information (CUI) is, why it’s important, the consequences for non-compliance and the multiple timelines for Federal and Defense focused contracts. Understand the compliance process starting with self-assessment, actions to achieve compliance and the new reality of maintaining compliance in the future. Learn to document your status with self-attestation.
  • Part 2: Build cybersecurity into your bottom line and keep your federal business Part 2 includes a detailed review of the NIST 800-171 fourteen security families including 110 basic and derived security requirements. We’ll analyze how this specification matures your organization’s culture into a trained, policy and procedure driven workforce that protects the confidentiality of CUI you’re entrusted with.
  • Part 3: Conduct NIST 800-171 CUI Self-Assessment and create your POA&M Part 3 includes procedures and analysis for the assessment process, including comprehensive underlying requirement details mandated by appendix D and the CUI specific categories and sub-categories in the CUI Registry. Analysis includes identifying compliance/non-compliance and understanding your security maturity relative to industry standards. Procedures include documenting your findings (i.e. non-compliant controls) and developing your Plan of Actions & Milestones (POA&M) to implement corrections.
  • Part 4: Build your CUI Self-Attestation and CUI Deliverables Part 4 includes discussion of the multiple products and deliverables built into NIST 800-171 compliance. Each of these deliverables requires planning, people and resources. In addition to the self-attestation and POA&M, requirements include the Written Information Security Program (WISP), Configuration Management Plan (CMP), Information Security Continuous Monitoring (ISCM), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Security Awareness Program, Security Assessment Plan (SAP), Security Assessment Report (SAR), and the System Security Plan (SSP).

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.