The Federal Government is now requiring all contractors to provide evidence regarding how you are protecting Controlled, Unclassified Information (CUI). In addition, according to Department of Defense (DoD) DFARS 252.204.7012 Safeguarding Covered Defense Information and Cyber Incident Reporting rule, all DoD contractors must complete a compliance assessment against NIST SP800-171. Contractors must also be prepared to provide compliance evidence and documentation.

Your Trusted Information Security & Compliance Advisers
4A’s experienced security professionals provide the guidance you need to meet federal requirements
Our seasoned IT professionals will validate the effectiveness of your organization’s security control implementation and assess your organization’s compliance with Federal requirements.  Our team also provides guidance and recommendations on prioritizing the next steps to fully meet the requirements, if any. Every 4A team provides your organization with the optimal blend of skills and expertise in IT Security, Risk Management and Compliance to help ensure that your organization can provide documentary evidence of compliance with Federal Requirements for Securing CUI. Our team includes professionals who have helped secure organizations around the world, while complying with extensive security requirements, including NIST 800-53.

How Does 4A’s CUI NIST SP800-171-Service Work for You?
The goal is to make sure your organization is fully compliant and can prove it. Our team will identify any gaps in your CUI information security implementation, and will then work with your organization to develop and implement a prioritized plan to mitigate outstanding issues. Depending on your unique needs, a NIST SP800-171 Assessment may include:

  • FIPS 199 Impact Validation
  • FIPS 200 and NIST SP800-53r4 Control Selection
  • Vulnerability Assessment & Penetration Testing
  • Incident Response Plan Development & Testing
  • Security Architecture Review
  • Security Awareness & Training

Why 4A Security & Compliance is Your Best Choice
Our Team Understands Your IT Security, Compliance and Business Risks

We know that first and foremost, you have a business to run. But IT Security is a significant business risk that must be addressed, both because of the growing threat to information systems and because it is now a requirement for Federal Contractors.

From the beginning, 4A Security & Compliance has been dedicated to helping U.S. organizations strengthen information security and meet business requirements at the same time. This is the challenge of cyber risk management and we have helped a wide range of organizations achieve these two objectives, from global public companies to small businesses, mid-sized enterprises to start-ups.

Our Capabilities
We have experience assessing IT security as well as providing guidance and support services for every kind of security program, from mature, well-staffed and well-funded security teams, to non-existent, build-it-from-scratch. As part of the 4A Security & Compliance CUI NIST SP800-171 Security Assessment & Advisory Services offering, we conduct IT security assessments and provide you with the services you need to protect Controlled Unclassified Information, mitigate critical security gaps and meet regulatory requirements. Our offering includes a range of services, from security program development and implementation, to regulatory and standards compliance, to security education and training.

Our team will help you:

  • Validate and document your organization’s compliance with SP800-171
  • Identify security risks and prioritize any required mitigation activity
  • Assist with security control design and implementation
  • Address gaps, manage risk and allocate resources to better protect your organization
  • Develop and align security strategies to support your business goals

Our job isn’t just to find the problems. Our job is to offer solutions and get them done!
We focus on understanding your organizational reality on the ground, and providing you with realistic, actionable information and solutions that deliver value for your organization. Our advisors average over 20 years of experience in the industry, so we understand the challenges you face and what it takes to be effective and advance your business and cyber risk management objectives.