It's especially fun when you work for a contract manufacturer, like the company I work for, where some of our customers are under the compliance requirements and some aren't.
CUI-wise, there is a CUI Registry, https://www.archives.gov/cui/registry/category-detail/controlled-technical-info.html, that gives at least some decent guidelines on what should and shouldn't be considered controlled unclassified information, but it's still supposed to be up to the prime to be clearly labeling their data accordingly. Half the time THEY don't even know what is and isn't CUI.
We were working on CMMC Level 3, but now with the most recent changes we're shifted down to Level 2. In theory it should be easier to implement now, but we'll see. At least we're now allowed to have a POAM under CMMC.
Joeatheist wrote:
MikeRigsby wrote:
It might also help for those of us having to deal with NIST 800-171, DFARS, and CMMC to figure out exactly what type of data from LANSweeper would be beneficial.
Agreed. It would also be nice if the CMMC accreditation board would make up their minds as to what will actually be required of us. From what I have read there are expected changes to CMMC ver 2.0 already. Not to mention that genuine CUI does not yet exist. If you remember, we were told that older contracts will not be modified and therefore we will not be required to meet the compliance standards "Retro-actively", and that any CUI we receive in the future will be clearly labeled as such. To this day our company has yet to see anything that, according to the DoD, has been labeled at both the top and bottom of the document with the markings that would identify it as Controlled Unclassified Information.
Kind regards,
Joe Schwartz
IT / Cybersecurity Manager
Ciao Wireless, Inc.