Even if you have completed your NIST 800-171 basic assessment, you must now test your controls as mandated. Otherwise, you will be out of compliance and subject to False Claims Act legal liability, and equally important, you will not be secure from the bad guys.
NIST 800-171 Security Control Requirements:
“Periodically assess the security controls...to determine if the controls are effective…” POINT VALUE: 5
“Develop and implement plans of action designed to correct deficiencies…” POINT VALUE: 3
“Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.” POINT VALUE: 5
So if you are not continuously testing your controls and fixing deficiencies, not only are you not secure and inviting the bad guys to break in easily, but you are also out of compliance with NIST 800-171, and the 110 score will be inaccurate; in reality it will be 97 (110 – 13 points).
AUTOMATED CONTROLS TESTING
Sign up for the CyberCatch Automated Controls Testing Solution.