Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 Audit support. We are ready when you are!

Lazarus Alliance Proactive Cyber Security® services minimize performance and operational risks with our industry-leading, innovative, and cost-effective Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 focused services.
Department of Defense (DoD) contractors are being required to comply with the Defense Federal Acquisition Regulation Supplement (DFARS), which addresses requirements for safeguarding covered defense information controls in government contractor systems.
Covered defense information is a broad term for unclassified controlled technical information or other Controlled Unclassified Information (CUI), which has protection and dissemination requirements.
 
These safeguards include cyber incident reporting requirements. The mandatory controls are detailed in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171: Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.

Just the facts ...

The professionals at Lazarus Alliance are completely committed to you and your business’ Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 focused audit success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization. Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned, hoping to conceal their methodology and expertise. We don’t subscribe to that philosophy. We believe the best approach is transparent and built on a partnership framework developed on trust and credibility, creating sustainability within your organization.

Find out more by calling +1 (888) 896-7580 today.

Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 Audit support framework. We are ready when you are!

The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations. Lazarus Alliance provides agencies with recommended requirements for protecting the confidentiality of CUI: (i) when the CUI is resident in nonfederal information systems and organizations; (ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and (iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry. The requirements apply to all components of nonfederal information systems and organizations that process, store, or transmit CUI, or provide security protection for such components. The CUI requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations.

Comprehensive Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 Compliance Audit Services

Lazarus Alliance's primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence – in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 compliance leadership solutions and is fully dedicated to global success in these disciplines. We can help your organization too! Our clients come from all business sectors across the world.

The DoD has mandated compliance! You gain many strategic business advantages by offering market differentiation and leadership showing others credible evidence of good practice. In addition to risk avoidance, a Lazarus Alliance Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 compliance audit will demonstrate due diligence in the event of legal action from breach of contract with the DoD.

Once a company has made the decision to enlist a third party to provide Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 based compliance audit services, they want assurances that those services will be provided timely, accurately and securely. A Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 based compliance audit shows your commitment to maintaining a sound control environment that protects your client’s data and confidential information.

Assessments

Achieve success with the industry’s most proactive and innovative third-party assessment organization. Rely on our industry-leading Cybervisors™ who know the technical rigor and scrutiny you can expect during Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 based assessments.
Lazarus Alliance services include Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 controls assessments. As there are 109 controls in NIST SP 800-171, government contractors may be concerned about successfully navigating the road to compliance. A gap analysis can determine a remediation approach for deficient areas using the applicable NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations controls.
In accordance with the federal CUI regulation, federal agencies using federal information systems to process, store, or transmit CUI, as a minimum, must comply with:

  • Federal Information Processing Standards (FIPS) Publication 199: Standards for Security Categorization of Federal Information and Information Systems (moderate confidentiality impact)
  • Federal Information Processing Standards (FIPS) Publication 200: Minimum Security Requirements for Federal Information and Information Systems
  • NIST 800-37: Applying the Risk Management Framework to Federal Information Systems
  • NIST 800-53: Assessing Security and Privacy Controls in Federal Information Systems and Organizations
  • NIST 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories
  • NIST 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

Cybervisor™ Consultations

A significant differentiator you will immediately appreciate is our Proactive Cyber Security™ Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 compliance audit methodology, which takes a continuous audit approach rather than the end-of-reporting-period Audit Anarchy approach taken by other firms. We will also utilize our proprietary IT Audit Machine technology to set you up for success. The IT Audit Machine is a full-featured and highly collaborative assessment and reporting tool only available from Lazarus Alliance.
Lazarus Alliance Cybervisors™ assist with guiding remediation activities including the clear documentation of controls via matrices or procedures that are developed from a comprehensive suite of IT policies. Once the appropriate controls and documents are in place, we then monitor the controls for proper design and operating effectiveness. If controls sufficiently address the NIST 800-171 control objectives but vary from the requirements in 252.204-7012, we may submit on your behalf an exception request for the DoD Chief Information Officer (CIO) to consider. This process is also followed when it is determined that a control is not applicable.
Lazarus Alliance Cybervisors™ assist with Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 documentation development, including System Security Plan (SSP), Contingency Plan (CP), Incident Response Plan (IRP), Configuration Management Plan (CMP), Privacy Impact Assessment (PIA), and Federal Information Processing Standard Publication 199 (FIPS 199) Security Categorization, Policies, Procedures and more.

Working Smarter Not Harder

Lazarus Alliance creates sustainable Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 based compliance partnerships with our clients. We have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule. You will come to appreciate our Service, Integrity and Reliability which will be apparent to you from the very first call.

It’s Complicated!

Applicable Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 Audit Laws

  • Computer Fraud and Abuse Act [PL 99-474, 18 USC 1030]
  • E-Authentication Guidance for Federal Agencies [OMB M-04-04]
  • Federal Information Security Management Act (FISMA) of 2002 [Title III, PL 107-347]
  • Freedom of Information Act As Amended in 2002 [PL 104-232, 5 USC 552]
  • Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy [OMB M-01-05]
  • Homeland Security Presidential Directive-7, Critical Infrastructure Identification, Prioritization, and Protection [HSPD-7]
  • Internal Control Systems [OMB Circular A-123]
  • Management of Federal Information Resources [OMB Circular A-130]
  • Management’s Responsibility for Internal Control [OMB Circular A-123, Revised 12/21/2004]
  • Privacy Act of 1974 as amended [5 USC 552a]
  • Protection of Sensitive Agency Information [OMB M-06-16]
  • Records Management by Federal Agencies [44 USC 31]
  • Responsibilities for the Maintenance of Records About Individuals by Federal Agencies [OMB Circular A-108, as amended]
  • Security of Federal Automated Information Systems [OMB Circular A-130, Appendix III]

Applicable Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 Audit Standards

  • A NIST Definition of Cloud Computing [NIST SP 800-145]
  • Computer Security Incident Handling Guide [NIST SP 800-61, Revision 1]
  • Contingency Planning Guide for Federal Information Systems [NIST SP 800-34, Revision 1]
  • Engineering Principles for Information Technology Security (A Baseline for Achieving Security) [NIST SP 800-27, Revision A]
  • Guide for Assessing the Security Controls in Federal Information Systems [NIST SP 800-53A]
  • Guide for Developing Security Plans for Federal Information Systems [NIST SP 800-18, Revision 1]
  • Guide for Developing the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach [NIST SP 800-37, Revision 1]
  • Guide for Mapping Types of Information and Information Systems to Security Categories [NIST SP 800-60, Revision 1]
  • Guide for Security-Focused Configuration Management of Information Systems [NIST SP 800-128]
  • Information Security Continuous Monitoring for Federal Information Systems and Organizations [NIST SP 800-137]
  • Minimum Security Requirements for Federal Information and Information Systems [FIPS Publication 200]
  • Personal Identity Verification (PIV) of Federal Employees and Contractors [FIPS Publication 201-1]
  • Recommended Security Controls for Federal Information Systems [NIST SP 800-53, Revision 4]
  • Risk Management Guide for Information Technology Systems [NIST SP 800-30]
  • Security Considerations in the System Development Life Cycle [NIST SP 800-64, Revision 2]

Leveraging the Continuum GRC IT Audit Machine, Security Trifecta methodology and the Policy Machine, Lazarus Alliance provides international standards that are recognized as “Best Practices” for developing organizational security standards and controls that support Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 based compliance audit certifications and assessments.

We Have What It Takes!

Lazarus Alliance is an A2LA ISO/IEC 17020 accredited organization certification number 3822.01.

We want to be your partner and Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 compliance audit assessor of choice! For additional information please contact us using the form to the right or calling 1-888-896-7580.