Cybersecurity Program in NIST 800-171 Framework

Consumer & Industrial
Program Management
Developed a cybersecurity program in line with the NIST 800-171 framework.
The Challenge

One of the largest full-service general contractors, construction management firms, and construction materials producers in the US needed help developing and structuring a cybersecurity program in line with the NIST 800-171 framework. The program would include various security initiatives, such as vulnerability management, firewall remediation, SOC/NOC, FMA implementation, NIST, patch management, and more. They were seeking a Cybersecurity Architect and Program Manager with NIST 800-171 experience to structure and develop the program.

The Solution

Because of our long-standing relationship with this client, they knew they could count on us to provide the right talent. We connected them to an experienced Cybersecurity Program Manager who was able to provide a roadmap and strategic plan to pursue DoD Cybersecurity Maturity Model Certification (CMMC), including the deployment of AWS services for FedRAMP Moderate authorized services.  

The consultant managed multiple teams, including two direct reports and three vendor teams, to cover anti-malware protections in McAfee, security incident and event management in SecureWorks, anti-phishing capabilities in KnowBe4, and security awareness programs. In addition, he managed a security operations team of two Security Engineers in expanding vulnerability and security event monitoring capabilities using Qualys, McAfee, and SecureWorks. He also consolidated the security policy documentation and aligned it with FAR/DFARS regulations and NIST 800-171 security requirements. Finally, he developed monthly reporting to the CIO on security operations, CMMC progress, and anti-phishing and security awareness programs.

The Result

Due to our assistance, the client has made considerable progress toward CMMC compliance and built a robust cybersecurity program.