NIST Controls Awareness Training (NCAT)
Resources
The resources section provides links to important documents and content that will assist in understanding security controls and conducting the assessment process.
Understanding DFARS 252.204-7012
- DFARS 252.204-7012 Clause
- This link points to the actual Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. Those using this link would want a concrete understanding of what the clause actually says.
- Safeguarding Covered Defense Information – The Basics
- This document provides a succinct description of DFARS Clause 252.204.7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
- DoD Procurement Toolbox, Cybersecurity FAQ
- This document compiles a list of common questions that have been raised on how to address the specifics of DFARS clause 252.204-7012
Key Documents for Compliance
- NIST 800-171
- In DFARS 252.204-7012, NIST 800-171 is highlighted as the set of security requirements necessary to achieve “adequate security” for systems that will interact with covered defense information (CDI).
- NIST 800-171A
- NIST Special Publication 800-171A provides guidelines for how a cybersecurity assessment for NIST 800-171 should be conducted. It can be used to identify the types of questions and the level of rigor that can be used for an assessment.
- NIST Handbook 162
- The NIST Handbook 162 is a guide that provides information needed to understand NIST 800-171 in less technical language. It gives explanations about how controls from each of the 14 families outlined in NIST 800-171 can be addressed and the types of questions to ask during an assessment.
- Patricia Toth (NIST) Briefing
- This video provides an overview of the requirements for defense contractors outlined in NIST 800-171. It describes the NIST Manufacturing Extension Partnership (MEP) three step process for compliance and helps attendees to gain a better understanding of the NIST 800-171 and NIST Handbook 162 publications. Patricia Toth is a Supervisory Computer Scientist in the Computer Security Division at NIST.
Documentation Templates and Examples
- System Security Plan Templates
- These documents can be used to provide examples for how a system security plan should be structured.
- Northrop Grumman NIST 800-171 Security Controls Examples
- Provides some examples of how to address specific security controls organized by Northrop Grumman.
Supporting Information
- Support Plan Development Document
- These NIST documents provide guidance on how to handle specific types of planning
documents.
- Contingency Planning Guide for Information Technology Systems, NIST Special Publication 800-34
- Computer Security Incident Handling Guide, NIST Special Publication 800-61
- Guide for Developing Security Plans for Federal Information Systems, NIST Special Publication 800-18
- Securing Wireless Local Area Networks (WLANs), NIST Special Publication 800-153
- NIST Small Business Cybersecurity Corner
- The NIST Small Business Cybersecurity Corner aims to provide companies with cybersecurity guidance, solutions, and training that is practical actionable, and enables them to cost-effectively address and manage their cybersecurity risks.