Businesses that hold contracts with the federal government are now required to comply with NIST SP 800-171 and will soon be required to be certified. We help DoD contractors throughout the United States prepare for the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) audits by conducting an assessment and effectively implementing the NIST security controls. As of December 2017, all prime contractors and subcontractors were to be compliant with the DFARS cyber regulations. The CMMC builds upon DFARS and will require all contractors to obtain CMMC certification.
3 Simple Steps for Audit Preparation
We perform a detailed assessment of your current network and compare it with the cybersecurity controls required by NIST SP 800-171. We then prepare a System Security Plan (SSP) and a Plan of Action and Milestones (POAM) so that you can provide documented evidence to the DoD or your prime contractor that you are on your way toward compliance. This step also serves as the basis for the remediation plan.
In this step the items called out in the POAM are addressed. Depending on the current state of your IT systems, this can be as simple as implementing multi-factor authentication and security awareness training, or as complex as refreshing an entire aging infrastructure.
Ongoing advanced cybersecurity monitoring and incident response capabilities are required to remain compliant. If a cyber incident occurs, you must report it to the DoD through the DIBNet portal (https://dibnet.dod.mil/portal/intranet/) within 72 hours. You must also continually reassess and maintain the NIST SP 800-171 controls over time, because systems change and fall out of alignment.
Assess and Secure Your Data
Dark Web Monitoring
Monitor and Manage Your Threats
Strengthen Your Infrastructure
Total Data Protection
Worry-free cybersecurity
Allow Winsor to take away the stress of worrying about your business falling victim to any cyber attacks.
What's at stake?
Three consequences of non-compliance are certain: the federal government will terminate contracts over NIST SP 800-171 non-compliance, since it constitutes a failure to uphold contract requirements. A company that states it is compliant when it is not is engaging in criminal fraud. Failing to comply can also constitute breach of contract for not maintaining the specified standard of conduct.
What are the requirements?
There are 14 categories (families) of security requirements that must be met. Each category has its own set of controls that affected systems must satisfy:
Access Control
Audit and Accountability
Awareness and Training
Configuration Management
Identification and Authentication
Incident Response
Maintenance
Media Protection
Physical Protection
Personnel Security
Risk Assessment
Security Assessment
System and Communications Protection
System and Information Integrity