A tool to help achieve and demonstrate compliance with NIST SP 800-171 - Protecting controlled unclassified information in non federal information systems and organizations.

The National Institute of Standards and Technology (NIST) Standard NIST SP 800-171 determines controls for the protection of controlled unclassified information in non federal information systems and organizations.

This is a very comprehensive standard requiring organisations to implement controls, systems and processes with an emphasis on the protection of information.

SAM-Protect is a cloud based tool that assists organisations assess their compliance with NIST SP 800-171, create and manage Actions and Tasks to work toward full compliance, track improvement along the way, and produce easy to understand Reports on how well you are doing to date.

SAM-Protect Management Methodology

SAM-Protect tracks compliance against five major functional requirements for the protection of information:-

  • Identify
  • Manage
  • Detect
  • Protect
  • Respond

    SAM-Protect breaks these overarching requirements down into individual Categories and, for each of these, you can see how effectively your current processes, procedures and technology deployments meet the security requirements defined within NIST SP 800-171.

    At the base level of SAM-Protect are the Workplans. To save you the time and effort of generating your own set of controls from the relevant security controls referenced within NIST SP 800-171 our Workplans are already populated with requirements derived from relevant sections of NIST SP 800-53r5 and ISO 27002:2013 and we have also used CIS Controls v6.1 as an additional source.  Cross references to these sources are included where applicable.

    Establishing how well you have completed these within these Workplans allows you to develop an overall picture of how effective your NIST SP 800-171 related controls are, and quickly identify areas that need extra activity.

    In common with all of the SAM for Compliance systems, integrated Action and Task Managers help you through the remediation and improvement process while our comprehensive reporting functionality enables you to easily communicate your compliance status with your Executives or compliance bodies.