SMB Implementation Book
This book guides the Small to Medium business through the implementation process.
For the smaller organization, implementing NIST SP 800-171 can seem like an overwhelming challenge. Yet many companies find themselves in the position of having to implement it or stop selling to the Department of Defense, because DFARS 252.204-7012 requires it of contractors that handle covered defense information. So, for some businesses, the choice is to implement these controls or cease to exist.
The NIST SP 800-171 standard contains 109 individual requirements that span a wide range of security areas. Although the stated goal of the program is to protect Controlled Unclassified Information (CUI), only a few of the requirements are specific to CUI. Most of the requirements are about creating a secure environment in general. An example of why this makes sense: if a company handled its CUI with great care but had no protection from email-borne malware, the protections on the CUI would be useless, because the machines holding it could be taken over.
While some requirements are simple, straightforward and easy to implement, others are not. Some need significant research just to figure out what is being asked. Others threaten to require changes in how business is conducted. Some look like they will take many, many hours to meet, and some sound like they can only be accomplished through large monetary expenditures. All of these things are challenges for a small IT department that is already short on resources.
It was precisely because of these challenges that NIST SP 800-171 IMPLEMENTATION FOR THE SMALL-MEDIUM BUSINESS -- DoD Cybersecurity for the Windows-Based SMB was written. This book is designed to provide guidance to the IT administrator who needs to implement NIST SP 800-171 but doesn't have the resources to do so. These are not suggestions for "getting around" the requirements, but suggestions for value-added security enhancements that meet them. The suggestions are designed to achieve compliance without breaking the bank or putting you in the insane asylum.
The book goes through every one of the requirements in NIST SP 800-171, Revision 1, addressing them individually. In many cases the suggestions are very specific, describing the Group Policy settings or procedural steps that will satisfy the requirement. The goal is for every suggestion to be specific, realistic and sound from a security standpoint.
The book includes:
- 10 requirements that can be satisfied with a Group Policy setting
- 24 requirements that can be satisfied by implementing a procedure/policy
I wish I could say that by using this book you could bring your company into compliance in an afternoon, but that wouldn't be true. Doing a good job of implementing NIST SP 800-171 will still take a lot of work. However, this book is designed to provide direction and suggestions that cut many hours off the implementation process.
The book can be purchased in two different ways. If you want it more quickly, you can buy it from Amazon. If you want the book for less, you can buy it from lulu.com.
SPECIAL BONUS!
Free with the purchase of this book, you can download a package of templates and help files to streamline your implementation. The download link is found inside the back cover of the book.

About The Author
With decades of experience managing networks within an SMB DoD contracting company, Richard has seen the challenges of managing security with limited resources. He is a GIAC Certified Windows Security Administrator, reflecting his expertise in managing security within the Windows environment. Richard also has experience setting up programs and systems to conform to standards in the quality and contracts realm. He is a graduate of the University of Kentucky and lives in Lexington, KY.