CyberDefenses www.cyberdefenses.wpengine.com hosted my third NIST 800-171 DIY Controlled Unclassified Information (CUI) class the second week of September and according to the students, it went really well. The class continues to evolve, from four separate webinars, to an on-premise two-day class, to an online two-day class. This version allowed time to add a three-hour security control and standards practical exercise to the four modules:
- Part 1 – CUI – Brace yourself
- Part 2 – Build cybersecurity
- Part 3 – CUI Self-Assessment
- Part 4 – CUI Self-Attestation
It’s become clear that many companies aren’t ready for the DFARS and FAR contract information security requirements covering 110 information security controls. To assist, CyberDefenses and I created the DIY class to establish initial compliance through self-assessment, documenting security control implementation, and creating a high-level Plan of Actions & Milestones (POA&M). Class materials include a detailed checklist with controls, standards, and POA&M framework sufficient to meet most requirements for December 2017 compliance. Also included is a self-attestation template for companies to provide to their downstream suppliers and sub-contractors.
We’ll soon add an online self-assessment tool providing both DoD and Federal Contractors a streamlined method to identify their strengths and weaknesses. And within a week or so we’ll publish a CUI specific Written Information Security Program (CUI-WISP) bundle with customizable templates for documenting an auditable compliance package. A pre-release version of the bundle is available at email@example.com.
The class fee is $495; the full amount can be applied to the separate $1,995 CUI-WISP bundle price.
Class registration for online classes Oct 9-11, Nov 13-14, and Dec 5-6 is open now at https://cyberdefenses.com/product-category/security-compliance/
New to NIST 800-171 planning? Here is an overview that will help you and your colleagues accelerate your strategies: https://cyberdefenses.com/nist-sp-800-171/