i2ACT Product Overview

Imprimis Assessment and Compliance Tools

Overview

Imprimis started the development of the Imprimis Inc. (i2) Assessment and Compliance Tool (ACT) for the NIST (SP) 800 standards in 2010 and the tool has gone through a number of releases and continues to evolve.  The tool is named  i2ACT-800 (Imprimis Inc. Assessment and Compliance Tool) where the 800 refers to the NIST 800 special publication series of standards.

UPDATE: As of 2022 we have been working on the development and upgrade of our i2ACT 800 Tool set to accommmodate CMMC 1.0 and now CMMC 2.0 Feature sets.  For a more detailed overview of the new i2ACT CMMC | Level 1 and 2 products, you can refer to this page: CMMC 2.0 - i2ACT CMMC | Levels 1 and 2 Overview

CMMC I2ACT 800s and I2ACT 800 PRO SOFTWARE TOOLS

Imprimis is pleased to announce that we are working diligently to update our i2ACT 800s and I2ACT-800 PRO software tools to include the new Cybersecurity Maturity Model Certification requirements.  The DoD is still in the process of defining standards and the level of documentation, artifacts and evidence that will be required.  We are planning to release Version 4.0 sometime during Q4 of 2021.

The updates and new features will include:

• DoD CMMC practices, processes and baselines – Levels 1 through 5

• NIST SP 800-171 – Revision 2

• NIST SP 800-171B (draft or final) – will be included in the CMMC baselines or separately and the user will be able to select either NIST 800-171 and/or NIST 800-171B at the beginning of an assessment as a baseline

• NIST 800-53 Rev 5 Controls Catalog

• Enhanced Functionality allowing multiple remediation tasks per requirement to be defined in the assessment process thereby enhancing the POA&M produced directly from the tool

• Enhanced notetaking to include an area for the assessor’s unpublished notes

• Any revisions or errata updates published by NIST (800-53, 800-53A, 800-171, 800-171A, 800-171B, Handbook 162) or DSS during the interim period

i2ACT 800 Software Overview

       There are multiple versions of the i2ACT-800:

• The i2ACT-800 Pro Tool contains all the controls from the NIST 800-53 catalog of controls, NIST 800-171, DAAPM, and CNSSI 1253, and  contains over 50 preconfigured baselines. 

• The second tool is the i2ACT-800s which is dedicated to the NIST 800-171 standard required by the DFARS 204.73 regulations. 

• Imprimis also developed an i2ACT 800 Rollup Tool to allow the viewing and analysis of up to 100 separate assessments at any time.

The tools easily operate on laptops or desktops.  The runtime version is used where possible so that no special software requirements are imposed on the use.  In addition, the tool is available in 2016 MSI (Microsoft Installer) 32 bit and 64-bit versions, and 2019 and Office 365 CTR (Microsoft Click to Run) in both 32- and 64-bit versions.

What are the Major Advantages of the i2ACT-800?

Originally, the i2ACT-800 was developed as a productivity tool to reduce the time required for assessments.  It was very successful at streamlining the process and minimizing labor.  But the tool has evolved resulting in three major benefits:

1. Productivity Enhancement: The tool speeds the process and allows collaboration with multiple staff members, so assessments take a fraction of the time they previously did;

2. Learning and Training: The tool contains many references and explanations of the cybersecurity requirements which allows first-time assessors to spin up in much less time and work with far greater accuracy, and allows experienced assessors to increase the depth of their knowledge; and

3. Document Management System: Assessing and demonstrating compliance requires a great deal of record keeping from policies and procedures to screen shots of settings, scans, logs, and other sources of information that demonstrate compliance. All such documents are contained permanently in the database in a logical easily access file system for auditor, future assessments and training.