Services

NIST Cybersecurity Services Plan


NIST 800-171A requirements are not about “checking the box” or satisfying a requirement to do business. Rather, implementing NIST supports an organization’s longevity, stability, and security through a strong cybersecurity posture. Silent Sector will review a company’s NIST cybersecurity compliance plan on the Ivis compliance platform and provide feedback and recommendations if needed. This service provides an independent, expert review to ensure the company has a well-defined, written plan to meet NIST Cybersecurity Compliance requirements.

Tier 1 – NIST Cybersecurity Plan Review

The NIST Cybersecurity Plan Review service takes the trial and error out of the NIST compliance process, reducing expenses and clarifying the path forward for a company. This program is designed either for organizations that have already built a complete NIST cybersecurity plan and are leveraging the Ivis compliance platform, or for those that need recommendations on how to complete their plan before putting it into the Ivis compliance platform. It consists of two primary components.

NIST Cybersecurity Plan Review

A well-designed NIST Cybersecurity Compliance Plan increases clarity by providing the most effective direction to bring a company from its current state to achieving and maintaining compliance. Silent Sector’s Plan Review provides an independent opinion to validate your current plan and may offer guidance to improve the plan where necessary.

Plan Recommendations

Some companies will have a plan in place but may need adjustments for it to be considered viable. Professional recommendations, written alongside the existing plan in the Ivis compliance platform, allow for focused effort and the best use of resources throughout the compliance process.

Project Scope

In an effort to ensure that a company is able to meet and maintain compliance requirements, Silent Sector will perform the following activities related to NIST SP 800-171A.

NIST Cybersecurity Plan Review

  • Review of existing plan in the Ivis compliance platform
  • Recommendations based on a professional review, in the Ivis compliance platform

Project Deliverables

Silent Sector will provide the following deliverables:

  • NIST SP 800-171A Cybersecurity Plan Review
    • Plan review
    • Written recommendations if needed to have a complete and viable plan
    • Confirmation of review completion

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays. Silent Sector reserves the right to start projects in the order in which they were received.

  • Initial Plan Review: Week 1
  • Recommendations and Verification of Review: Week 2

Pricing

All costs listed below are based on the scope and assumptions included in this Statement of Work.

NIST Cybersecurity Plan Review: $550

Tier 2 – NIST Gap Analysis & Plan Development

NIST Gap Analysis & Cybersecurity Plan Development services take the trial and error out of the NIST compliance process, reducing expenses, increasing clarity, and paving a clear path forward. This program is designed for organizations that require a cybersecurity plan to meet NIST requirements and will be utilizing the Ivis compliance platform. This program consists of two primary components.

Gap Analysis – Current Posture to NIST SP 800-171A

Companies will have a detailed understanding of where they fall short of meeting NIST SP 800-171A requirements. Silent Sector will review the existing compliance plan to provide a third-party perspective on the status of the plan and assist with identifying shortcomings. This allows for focused effort and the best use of resources throughout the compliance process.

NIST Cybersecurity Compliance Plan Development

Every company differs and therefore requires its own unique strategy to meet and maintain NIST cybersecurity requirements. The NIST Cybersecurity Compliance Plan will provide a clear path from its current state to achieving and maintaining compliance. This plan will incorporate the use of the Ivis compliance platform.

Project Scope

In an effort to ensure that a company is able to meet and maintain compliance requirements, Silent Sector will perform the following activities related to NIST SP 800-171A.

Gap Analysis – Current Posture to NIST SP 800-171A

  • Client interviews, 4-8 hours based on availability and readiness
  • A detailed comparison of interview responses with NIST cybersecurity requirements
  • Documented NIST SP 800-171A Cybersecurity Gap Analysis

NIST Cybersecurity Plan Development

  • Review of Gap Analysis with applicable staff
  • Pre-planning interviews, 4-8 hours based on availability and readiness
  • Plan development and delivery
  • Plan review and discussion with applicable staff

Project Deliverables

Silent Sector will provide the following deliverables with a maximum time allocation of 40 hours.

  • Gap Analysis – Current Posture to NIST SP 800-171A
    • Documented NIST Cybersecurity Gap Analysis
    • One hour review of Gap Analysis with applicable staff
  • NIST Cybersecurity Plan Development
    • Documented NIST Cybersecurity Alignment Plan to guide cybersecurity compliance requirements
    • Cybersecurity plan discussion with applicable staff (up to 2 hours)

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays.

  • Interviews & Information Collection: Week 1
  • Analysis and Gap Assessment Development: Week 2
  • Pre-Planning Interviews & NIST Alignment Plan Development: Weeks 3 – 4
  • Report Delivery, Review, and Discussions: Weeks 4 – 5

Pricing

Please contact Ivis at [email protected]

Tier 3 – NIST Cyber Alignment

The NIST Cyber Alignment program takes the trial and error out of the NIST compliance process, reducing expenses, increasing clarity, and paving a clear path forward. This program consists of three primary components.

Gap Analysis – Current Posture to NIST SP 800-171A

Companies will have a clear picture of what is already in place and where they fall short of meeting NIST requirements. This allows for focused effort and the best use of resources throughout the compliance process.

NIST Alignment Plan Development

Every company differs and therefore requires its own unique strategy to meet and maintain NIST cybersecurity requirements. The NIST Alignment Plan increases clarity by providing the most effective direction to bring a company from its current state to achieving and maintaining compliance. It leverages the Ivis compliance platform for ease of tracking and evidence retention.

Cyber Risk Assessment

A clear understanding of risks and potential attack vectors is the foundation of cybersecurity. Silent Sector provides a clear but detailed analysis of vulnerabilities and the current state of risk.

Silent Sector will provide an independent perspective of cybersecurity vulnerabilities and risks related to network infrastructure and any critical web applications. This allows for the development of a strong security posture, while making the best use of resources.

Conducting the Risk Assessment will:

  • Identify vulnerabilities in critical network and web application components
  • Create a vulnerability and risk baseline for any publicly accessible infrastructure
  • Provide reference and guidance documentation for use by IT Team leadership
  • Provide third-party assessment documentation for presentation to prospects and clients

Project Scope

In an effort to ensure that companies maintain a secure digital environment, Silent Sector will perform the following cyber risk and NIST SP 800-171A compliance-related activities.

Gap Analysis – Current Posture to NIST SP 800-171A

  • Client interviews, 4-8 hours based on availability and readiness
  • A detailed comparison of interview responses with NIST cybersecurity requirements
  • Documented NIST Cyber Security Gap Analysis

NIST Alignment Plan Development

  • Review of Gap Analysis with applicable staff
  • Pre-planning interviews, 4-8 hours based on availability and readiness
  • Plan development and delivery
  • Plan review and discussion with applicable staff

Cyber Risk Assessment of Network Infrastructure (maximum of 60 hours)

  • External vulnerability scans, up to 254 IP addresses
  • Web application scans, up to 2 web applications
  • Risk ranking
  • Vulnerability documentation
  • Remediation recommendations
  • IT infrastructure security recommendations
  • Executive and technical level reporting

Project Deliverables

Silent Sector will provide the following deliverables:

  • Gap Analysis – Current Posture to NIST SP 800-171A
    • Documented NIST Cyber Security Gap Analysis
  • NIST Alignment Plan Development
    • One hour review of Gap Analysis with applicable staff
    • Documented NIST Alignment Plan to guide the company in meeting cyber security compliance
    • Two hour plan review and discussion with applicable staff
  • Cybersecurity Assessment Report
    • Executive Summary
    • Current threat level definitions & overview
    • Identified vulnerabilities by type
    • Remediation & findings recommendations
    • Comprehensive list of findings
    • Review of findings with development leadership upon request
    • Raw scan outputs

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays.

  • Interviews & Information Collection: Week 1
  • Analysis and Gap Assessment Development: Week 2
  • Pre-planning Interviews & NIST Alignment Plan Development: Weeks 3 – 5
  • Report Delivery, Review, and Discussions: Week 6

Pricing

Please contact Ivis at [email protected]