NIST SP 800-171 Protecting Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations

NIST has drafted Special Publication 800-171 that is titled: Protecting Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations.

The intent of this special publication is to provide a minimal set of security controls for Non-Federal Information Systems and Organizations AKA “Federal Contractors and their back end information systems utilized to deliver services to the Federal Government”.

The SP 800-171 has a familiar look and feel of that used in SP 800-53, the only difference being that there are less families of control and less controls as a whole.

It is expected that Federal Agencies will begin integrating 800-171 compliance at the individual contract level until a FAR (Federal Acquisition Regulation) is completed.

Aspiryon provides NIST 800-171 Compliance and Audit Services for Federal Contractor Systems and Organizations.


Aspiryon Earns Spot on DOD DTIC CSTATS Contract

Aspiryon has been awarded a position on the DOD DTIC CSTATS Contract.

The DOD DTIC CSTATS Contract includes:

Cyber Security (CS) – Full spectrum cyber operations including 1)developing CS planning frameworks and development of requirements and mission needs documents and conducting trade-off analyses; 2) cyber threat avoidance; 3) defensive cyber operations (DCO) including red teaming and performing threat assessments; and 4) cyber offensive and exploitative operations. All of the above may include: cyber technology research, analysis and prototyping, cyber situational and mission awareness, cyber modeling, simulation and war gaming, integrating innovative cyber technologies to enable cyber superiority and the facilitation of technology transition.

Software Data & Analysis – 1) Installation, demonstration, test, validation and evaluation of new and existing software, tools, methods and software measurement technologies; 2) evaluations of the quality of existing software systems and recommending improvements; 3) needs and risk analyses of software packages (developmental, non-developmental and commercial off the shelf (COTS) relative to mission requirements; 4) development, updating, and evaluation of software engineering standards, specifications, handbooks, or manuals; 5) supporting the revision and development of military standards and specifications; 6) verification and validation of solution sets and protocols; 7) assisting user organizations with all aspects of software development or software acquisition; 8) development of life cycle cost models; and 9) customization of software analytical tools, models, decision aids, screening methods and techniques used to evaluate and support the authenticity and continuity of DoD, national, commercial, and international information systems.

Knowledge Management and Information Sharing – 1) Expertise in working with comprehensive collections of empirical data on the development, operation, and maintenance of software systems; 2) analysis of this data (data may be from new or existing sources) – this includes data analytics (data to decisions); 3) supporting the development, delivery and/or evaluation of training (including classroom, computer-based-instruction, videotape, distance learning, and other forms of instruction); 4) expertise in advanced collaborative analysis tools that allow for the integration of existing and in-process social networking and intelligence data exploitation tools; and 5) supporting the evaluation, development and implementation of a wide variety of intelligence and collaboration systems including Global Net Centric Systems — this subject area could involve computer system engineering and integration, software engineering and software technology, R&D transition, and computer network and communication engineering, development and deployment (including engineering, development and deployment involving both network devices/hardware and applications).

Modeling and Simulation (M&S) – 1) M&S subject matter expertise for supporting program reviews, strategic planning, exercise management, knowledge acquisition, and operations coordination and monitoring; 2) providing support for DoD certification of compliance with High Level Architecture (HLA) for federates; 3) evaluating and improving models and databases that support IA; 4) the development and implementation of modeling and analysis tools for collaborative databases and data stores; 5) applying M&S for evaluating the effectiveness of forces, systems, doctrines, tactics and plans in support of training, analysis and acquisition activities; 6) evaluating M&S interoperability, reuse, capabilities and cost-effectiveness, particularly as fostered by the common technical framework; and 7) supporting cross-domain coordination, configuration management, and military exercises and demonstrations.

Full and Open Contract and Small Business Contract

Aspiryon Team Awarded Spot on Navy SeaPort-E Contract

Aspiryon has teamed with Romanyk Consulting Corporation and been awarded a contract on the Navy SeaPort-e Contract.

More info: The SeaPort Enhanced (SeaPort-e) Multiple Award Contract aids the Navy with acquiring support services in 22 functional areas including Engineering, Financial Management, and Program Management. The Navy Systems Commands (NAVSEA, NAVAIR, SPAWAR, NAVFAC, and NAVSUP), the Office of Naval Research, Military Sealift Command, and the United States Marine Corps compete their service requirements amongst 2400+ SeaPort-e IDIQ multiple award contract holders. All task orders are competitively solicited, awarded and managed using the SeaPort-e platform. Since nearly 85% of its contract–holders are small businesses, the SeaPort-e approach to acquiring services provides opportunity that fuels the Nation’s engine of job growth.

Contract Number: N00178-12-D-7031

Aspiryon Team Awarded Army AMCOM Express IDIQ Contract

Aspiryon has Teamed with Geeks and Nerds Corporation (GaN) and was awarded a position on the Army AMCOM Express contract.

Aspiryon Team Awarded DoD IAC IDIQ Contract

The Department of Defense Information Analysis Center has awarded IDIQ contracts for the Cyber Security and Information Systems Technical Area Tasks (CS TATs). Aspiryon is positioned on two winning teams on both tracks.

Full and Open Track- Batelle

Small Business Track- Solers

FedRAMP Makes It Official

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both time and staff required to conduct redundant agency security assessments.

Has published on its web site that Aspiryon, LLC. is an approved Third Party Assessment Organization (3PAO). This means that Aspiryon is officially certified to conduct security conformity assessments for Cloud Service Providers that want to deliver cloud services to the Federal Government and participate in the FedRAMP Program.

Lisa Crisman Managing Member stated “We are excited about the official posting on the web site. We are currently in discussions with Cloud Providers that are looking to offer their services to the Federal Market. Providers will find that we are responsive, organized and deliver on-time, that helps bring services to the government market in a quick and efficient manner. “

Aspiryon Earns Certification in the SBA 8(a) Business Development Program

The United States Small Business Administration has certified Aspiryon as a participant in the 8(a) Business Development Program.

What is the 8(a) Business Development Program?

  • The 8(a) Business Development Program is a business assistance program for small disadvantaged businesses. The 8(a) Program offers a broad scope of assistance to firms that are owned and controlled at least 51% by socially and economically disadvantaged individuals.
  • The 8(a) Program is an essential instrument for helping socially and economically disadvantaged entrepreneurs gain access to the economic mainstream of American society. The program helps thousands of aspiring entrepreneurs to gain a foothold in government contracting.
  • Participation in the program is divided into two phases over nine years: a four-year developmental stage and a five-year transition stage.

Benefits of the Program

  • Participants can receive sole-source contracts, up to a ceiling of $4 million for goods and services and $6.5 million for manufacturing. While we help 8(a) firms build their competitive and institutional know-how, we also encourage you to participate in competitive acquisitions.
  • 8(a) firms are also able to form joint ventures and teams to bid on contracts. This enhances the ability of 8(a) firms to perform larger prime contracts and overcome the effects of contract bundling, the combining of two or more contracts together into one large contract.

Requirements and Goals of the 8(a) Business Development Program

The overall program goal is to graduate 8(a) firms that will go on to thrive in a competitive business environment. There are some requirements in place to help achieve this goal. Program goals require 8(a) firms to:

  • Maintain a balance between their commercial and government business.
  • Limit on the total dollar value of sole-source contracts that an individual participant can receive while in the program: $100 million or five times the value of its primary NAICS code.

To make sure 8(a) firms are on track to accomplish their goals and are following requirements, the SBA district offices monitor and measure the progress of participants through:

  • Annual reviews
  • Business planning
  • Systematic evaluations

In addition, 8(a) participants may take advantage of specialized business training, counseling, marketing assistance, and high-level executive development provided by the SBA and our resource partners. You can also be eligible for assistance in obtaining access to surplus government property and supplies, SBA-guaranteed loans, and bonding assistance for being involved in the program.

Aspiryon Earns ISO 17020:2012 Certification (Conformity Assessments)

Aspiryon has earned the ISO 17020:2012 certification.  Elizabeth Crisman Managing Member of Aspiryon stated: “I’m proud of our staff.  Everyone has worked very hard to accomplish this task. Thank you ! We look forward to servicing the Cloud Market and assisting with the certification of  secure cloud based solutions for our nations government.”

Aspiryon Awarded GSA Federal Government Contract for Cyber Security Services

Aspiryon has received notification that a GSA Schedule 70 contract has been awarded for our Cyber Security Services. Elizabeth Crisman stated “Thank you for all of your hard work. It’s nice to see that our nation’s government sees the value in our services and has rewarded us with an opportunity to serve again.  “

Aspiryon Efforts Result in Award of ISO 27000 Certification

The Aspiryon Team has been working with the OCIO’s Office for several months on developing the ISO 27001 ISMS, supporting documentation, processes and procedures. The internal quality team reviewed the program and provided opportunities for improvement for the system. Third party auditors reviewed the system and found zero non-conformance’s and stated ” The USPS ISMS has been found to be effective and is well prepared for the 27001:2013 update with minimal effort.”