NIST Assessments

 

NIST assessments are set up as projects. These projects have several phases and are designed to meet the client’s risk and time requirements for completion.


Manufacturers operate in a demanding environment regardless of what they produce. But manufacturers who act as subcontractors to the government are often producing items which entail significant risk to information. This risk forces the government to take responsible steps to protect its supply chain. The key risks include:

  • Nation-state actors who wish to steal proprietary data to shortcut their own manufacturing processes

  • Insiders who elect to sell out their organization by offering to steal proprietary data

  • Actors who wish to sabotage specific items by altering manufacturing processes, including design tolerances and heating/cooling/curing processes

  • Businesses who wish to obtain shortcuts for their own processes

  • Inadvertent loss or disclosure of procedural information due to poor security controls and/or marginal user training

 

 

NIST frameworks are challenging for all businesses

When manufacturing businesses first see the scope of NIST 800-171 rev 1, for example, the executive staff and IT group often feel overwhelmed. This can result in putting off the steps required to be able to self-certify the organization’s security posture. This is a key mistake because the potential cost of contract loss is high. The government knows that statistically the most significant risk to a manufacturer is compromise of proprietary data held by small and mid-sized manufacturing subcontractors. The fact is that following NIST cybersecurity frameworks is smart business. It is relevant regardless of whether a manufacturer is a government subcontractor or not.
 

The Dolce Vita IT Solutions approach is different

Dolce Vita is methodical about its approach to security. Our general approach:

  • We execute a mutual non-disclosure agreement with the client

  • We work with the client to define the early objectives of the assessment, including timeframes

  • DVITS performs both remote and on-site security surveys to define basic network configurations and security issues

  • Onsite we review the existing infrastructure, chronic issues, and physical security measures

  • We meet with specific client staff to gain a better understanding of current risks

  • DVITS runs an in-depth analysis of the on-site assessment results

  • We provide the client with the assessment and the required gap analysis which defines the initial Plan of Action and cybersecurity timeframe milestones required to correct identified security issues and reduce risk

  • Dolce Vita has the capability to perform the vast majority of the required remediation steps from local on-premise systems to cloud services
     

What does an assessment by Dolce Vita IT Solutions include?

  • An executive summary with key findings

  • A summary of recommendations which ties back to every individual subsection of the NIST 800-171 standard

  • A review of how and where all known data is stored and how it is backed up

  • A review of key services and how they are secured

  • Other appendices dealing with cloud services, IoT devices in use, and other issues specific to that client’s business environment.

  • Sections which deal with the written policies recommended by NIST and some specific requirements these policies must address, including data handling, security, business continuity, HR and any other policies which impact the security of data.

In short, a NIST assessment by Dolce Vita is intended to provide you with the information needed to move your compliance plan forward at your pace!

What’s your excuse? Every journey starts with that first step!

Every client whose business we have earned has many of the same fears you do right now. Call us at 405-348-1192 to discuss your NIST concerns, your risks and your time requirements.