DIY Policy and Procedure Template

Overview of P&P Template...


DIY Policy & Procedures (P&P):

Overview

Imprimis began developing the Imprimis Inc. (i2) Assessment and Compliance Tool (ACT) for the NIST Special Publication (SP) 800 standards in 2010. The tool has gone through a number of releases and continues to evolve. It is named i2 ACT-800 (Imprimis Inc. Assessment and Compliance Tool), where the 800 refers to the NIST 800 Special Publication series of standards.

 

** The current release is version 3.6.2, and version 4.0 is under development and will include the mandated DoD CMMC requirements scheduled for release in early Q2 of 2020. **

Policies and Procedures:

  • The Policy and Procedures (P&P) template is designed as a starting point for developing Policies and Procedures (P&P) suitable for your organization and IT network, and is focused on NIST 800-171/53. CMMC DIY P&P Templates are under review at this time.
  • These P&P are structured to help you achieve compliance with all Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and NIST SP 800-171 requirements, and are organized into sections, each representing one of the 14 requirements families documented within NIST SP 800-171. Each section contains the related family policies, sub-policies, and procedures required to achieve compliance with those specific NIST SP 800-171 requirements. All related NIST SP 800-53 controls are identified and referenced.
  • This template is intended to be used as a guide. Before using, companies should review each policy and procedure thoroughly and then edit as appropriate to fit their specific organizational structure and information system design.
  • Companies deriving policies from the P&P template have found it to be more efficient than drafting and coordinating policies from scratch. The document upon delivery, before personalization, is 68 pages long. Each policy/sub-policy offers mapping details to the referenced 800-171 requirements and 800-53 controls.