Earthling DFARS \ NIST 800-171 & EDTECH Solutions

Earthling NIST SP 800-171 Services for Higher Education

Comply with NIST SP 800-171 and protect federal information in your higher education environment

Advisory and Assessment Services

Higher education organizations process data and provide services to the U.S. government in the form of federal financial aid administration or distribution, grant awards for research, or contract awards for services. This makes educational institutions an attractive target for hackers attempting to gain access to personally identifiable information, such as student financial aid data.

To protect against such cyber-attacks, universities and colleges may be subject to federal security standard requirements outlined in NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”. This typically occurs in the following scenarios:

If your institution has been awarded a contract and is subject to FAR or DFARS regulations.

If the language in an awarded grant stipulates security requirements.

If you’ve received a notification from the Department of Education as part of your responsibility for protecting data related to financial aid.

NIST SP 800-171 provides the guidance you need to ensure that certain types of federal information are protected when processed, stored, and used in non-federal information systems, and helps protect the confidentiality of Controlled Unclassified Information (CUI).

The CUI requirements within NIST SP 800-171 are directly linked to the baseline controls described in NIST SP 800-53 — “Security and Privacy Controls for Federal Information Systems and Organizations” — and are intended for use by federal agencies in contracts or other agreements established between those agencies and non-federal organizations.

NIST 800-171 Automated Control Framework in AWS & Azure

In October 2016, all Department of Defense contractors were directed to implement NIST 800-171 standards “as soon as practical, but not later than December 31, 2017.” As this deadline approaches, organizations must begin to document how certain types of federal information are protected when processed, stored and used in non-federal information systems. Because this protected information can be easily disseminated and distributed across a dizzying number of platforms and systems, organizations have found that documenting compliance can be a time-consuming and difficult task.


Automated

Templatized

Fully Managed

DFARSaaS: Earthling Security provides a fully managed and automated secure service bundle (DFARS-as-a-Service) that is designed to completely meet NIST Special Publication 800-171 requirements in response to the U.S. Department of Defense (DOD) Defense Federal Acquisition Regulation Supplement (DFARS). The solution involves onboarding workloads and applications to the EarthlingCloud platform on the AWS cloud with automated security controls at the architectural and operational layers. Security and development operations are conducted by our team in accordance with a Continuous Monitoring Program and an enhanced Incident Response program. Required documentation is templatized to expedite the attestation process. Our SecDevOps and Compliance engineers collaborate closely with customers’ developers, security teams and project managers to ensure all layers of a workload or application have been adequately secured and documented based on NIST SP 800-171 requirements.

How Earthling Security Helps

Earthling Security provides advisory and assessment services to meet your NIST SP 800-171 needs.

Our experience with higher education institutions means we understand the unique nature of distributed systems in a university setting. From controls mapping of various environments, to documentation development for a system security plan (SSP), to security testing and more, Earthling Security can do it all through an assessment process that follows a Risk Management Framework (RMF) approach.

NIST SP 800-171 Assessment – Includes:

FIPS 199 system categorization

FIPS 200 and agency control selection (Department of Education, contract/grant award)

Implementation of applicable security controls

Assessment of security controls

Authorization recommendation of systems

Continuous monitoring

NIST SP 800-171 Advisory – We support or create NIST 800-171 required documentation sets including a System Security Plan (SSP) to protect and ensure the control of CUI and any additional guidance based on client or agency (Department of Education, contract/grant award) requirements.

Why Choose Earthling Security for your NIST-Based Assessment Services

Earthling Security has been working with higher education institutions including entire state university systems for PCI DSS compliance, FISMA compliance, GLBA and cyber risk program development since our inception in 2001.

Earthling Security is an accredited Federal Risk and Authorization Management Program (FedRAMP) third party assessment organization (3PAO), a designation obtained in part through demonstrated, technical experience with NIST 800-53 assessments.

Earthling Security has conducted FISMA and other NIST-based assessments that are relied on by leading agencies such as HHS, NASA, ED, CMS, U.S. Census and more.

Learn about Earthling EDTECH Solutions


Contact us to learn:

The importance of NIST 800-171 and relationship of this publication to other industry compliance standards
How AWS services enable meeting NIST 800-171 compliance for DFARS requirements

  • That AWS data feeds provide unique and valuable insight for compliance reporting

How using Earthling’s EarthlingCloud platform and DFARSaaS offering can help automate NIST 800-171 compliance and provide real-time compliance status

  • A true solution must include dynamic and static input in a unified view.
  • Having real-time, actionable compliance data helps identify gaps and improve overall security posture.
  • Correlating multiple data sources can reduce compliance effort.

Earthling Security has conducted FISMA and other NIST-based assessments that are relied on by leading agencies such as HHS, CMS, NIH, DHS, DOT and more.

Engage the experts – learn how we can help you*

* Please allow up to 48 hours for a representative to contact you.

Support
info@earthlingsecurity.com

General Inquiries: 202-445-4959
SOCNOCSupport: 1-888-500-2578
