DIY Policy & Procedures (P&P):
Imprimis started the development of the Imprimis Inc. (i2) Assessment and Compliance Tool (ACT) for the NIST (SP) 800 standards in 2010 and the tool has gone through a number of releases and continues to evolve. The tool is named i2 ACT-800 (Imprimis Inc. Assessment and Compliance Tool) where the 800 refers to the NIST 800 special publication series of standards.
** The current release is version 3.6.2, and version 4.0 is under development and will include
the mandated DoD CMMC requirements scheduled for release in early Q2 of 2020. **
Policies and Procedures:
The Policy and Procedures (P&P) template is designed to serve as a template for developing Policies and Procedures (P&P) suitable for your organization and IT network and are NIST 800-171/53 focused. CMMC DIY P&P Templates are under review at this time.
These P&P are structured to help you achieve compliance with all Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and NIST SP 800-171 requirements, and are organized into sections, each representing one of the 14 requirements families documented within NIST SP 800-171. Each section contains the related family policies, sub-policies, and procedures required to achieve compliance with those specific NIST SP 800-171 requirements. All related NIST SP 800-53 controls are identified and referenced.
This template is intended to be used as a guide. Before using, companies should review each policy and procedure thoroughly and then edit as appropriate to fit their specific organizational structure and information system design.
Companies deriving policies from the P&P template have found it to be more efficient than drafting and coordinating policies from scratch. The document upon delivery, before personalization, is 68 pages long. Each policy/sub policy offers mapping details to referenced 800-171 requirements and 800-53 controls.