ResearchSOC’s services can be a key component of a cybersecurity program that addresses the requirements of SP 800-171. Meeting regulatory requirements in grants and contracts is becoming increasingly challenging as research institutions face new types of regulated data such as Controlled Unclassified Information (CUI). Protecting CUI requires implementing roughly a hundred controls described in NIST Special Publication 800-171. ResearchSOC (and OmniSOC) can bolster your compliance effort by fully or partially addressing nearly 20% of these controls in control families such as awareness and training, audit and accountability, incident response, security and risk assessment, system and communications protection, and system and information integrity. However, simply engaging the ResearchSOC will not fulfill all the requirements of SP 800-171, as the ResearchSOC is not a complete security program.
NIST 800-171 Crosswalk
CIS Top 20 Crosswalk
ResearchSOC enables our clients to jump-start their security program by providing or supporting adoption of nearly all Implementation Group 1 controls at the end of initial onboarding. ResearchSOC basic and premium services further allow clients to implement the majority of Implementation Group 2 controls, while the proposed SIMSCI project aims to provide advanced red-teaming capabilities for organizations focused on meeting regulatory or compliance requirements in Implementation Group 3.