NIST 800-171 & CMMC Policies, Standards, Procedures & More
At ComplianceForge, we take a unique view towards writing cybersecurity documentation. We developed a comprehensive and scalable way to write cybersecurity documentation that minimizes the redundancies and inefficiencies that plague cybersecurity governance. We know a standard is a standard for a reason.
We have a wide variety of documentation to fit your specific needs, ranging from Level 1 all the way through Level 5 CMMC compliance obligations.
Since a picture can be worth 1,000 words, the image to the right helps describe and visualize a "Plan, Do, Check & Act" approach to CMMC & NIST 800-171 compliance. It is the CMMC / NIST 800-171 version of the Integrated Cybersecurity Governance Model (ICGM) that describes "how to do governance, risk & compliance" in practical terms.
Note: That image is a poster-sized PDF that you can print out on a plotter, if you have access to one.
It is pretty simple: identify the requirements and develop the evidence of due diligence and due care needed to successfully demonstrate compliance with your NIST 800-171 and CMMC obligations.
ComplianceForge can provide the "full stack" of cybersecurity and privacy documentation to meet your statutory, regulatory and contractual obligations.
The video to the right helps demonstrate how the ComplianceForge documentation ties everything together to create a scalable, comprehensive cybersecurity & privacy governance program:
CONTROL OBJECTIVES exist to support POLICIES
STANDARDS are written to support CONTROL OBJECTIVES
PROCEDURES are written to implement the requirements that STANDARDS establish
CONTROLS exist as a mechanism to assess/audit both the existence of PROCEDURES / STANDARDS and how well their capabilities are implemented and/or functioning
METRICS exist as a way to measure the performance of CONTROLS