Our NIST 800-171 & CMMC documentation is "DIBCAC battle tested" where it has been successfully used in DIBCAC audits. That says a great deal about the quality of our content!

ComplianceForge is an industry leader in NIST 800-171 & Cybersecurity Maturity Model Certification (CMMC) compliance documentation solutions. Our documentation templates have helped customers that range from the Fortune 500 down to small and medium-sized businesses comply with DFARS requirements for NIST 800-171. Our products are scalable, professionally-written and affordable. The focus of NIST 800-171 & CMMC is to protect Controlled Unclassified Information (CUI) anywhere it is stored, transmitted and processed. Our solutions range from small businesses through to enterprise-class environments.

Our NIST 800-171 / CMMC documentation is updated to address CMMC 2.0 that addresses all Controlled Unclassified Information (CUI) and Non-Federal Organization (NFO) controls from NIST SP 800-171 R2.

If you use the Secure Controls Framework (SCF), then you will want to buy one of these bundles, since the Digital Security Program (DSP) has 1-1 mapping between the SCF and the DSP. We sell the policies, standards, procedures & more that will compliment the SCF controls that you use! The DSP provides you with SCF-aligned policies, standards, guidelines, metrics, controls and capability maturity criteria. The Cybersecurity Standardized Operating Procedures (CSOP) provides you with SCF-aligned procedures/control activities. These two products alone can save you hundreds of hours of document writing and can help your organization hit the ground running with the SCF.

The Digital Security Program (DSP) is a product we developed for companies that need to comply with multiple requirements, but do not want to be locked into documentation that is formatted to conform with the taxonomy ISO 27002 or NIST 800-53. Essentially, the DSP is a "best in class" approach to security documentation. The DSP metrics come mapped to the NIST Cybersecurity Framework (CSF). 

ComplianceForge developed an editable template for a C-SCRM strategy and implementation plan that is based on NIST SP 800-161 Rev 1, which is the current "gold standard" for authoritative C-SCRM guidance. This is fully-editable documentation (e.g., Word, Excel, PowerPoint, etc.) that can enable your organization to "hit the ground running" with C-SCRM operations.

NIST SP 800-160 is the "gold standard" for security by design, which is important since: (1) you can have security without privacy, but (2) you cannot have privacy without security. Therefore, secure practices are fundamental to any cybersecurity and privacy program.

Our documentation is designed to address common cybersecurity and privacy needs, so that you can demonstrate compliance with your specific requirements. This may be European Union General Data Protection Regulation (EU GDPR), California Consumer Protection Act (CCPA) / California Privacy Rights Act (CPRA), NIST Privacy Framework, or SOC 2 Privacy Principles. Regardless of the framework, you need to have evidence of how both cybersecurity and privacy principles are designed and implemented. Our privacy bundles are uniquely designed to help you comply with leading privacy practices!

Identifying and managing risk is a part of business. We work hard to develop products that assist clients with removing the Fear, Uncertainty & Doubt (FUD) factor that clouds many cybersecurity risk management decisions. These products are editable Microsoft Word & Excel templates, so if you can use Microsoft Office products, then you can use these risk management solutions! 

When you "peel back the onion" and prepare for an audit/assessment, there is a need to address "the how" for certain topics, such as risk management. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created several program-level documents to address this need and the Risk Management Program (RMP) is one of those products that can help demonstrate HOW risk management is structured at your organization.

• Digital Security Program (DSP)
• NIST CSF - Policies & Standards (CDPP)
• ISO 27001 / 27002 - Policies & Standards (CDPP)
• NIST 800-53 R5 (moderate) - Policies & Standards (CDPP)
• NIST 800-53 R5 (high) - Policies & Standards (CDPP)

• Procedures (CSOP) - NIST CSF
• Procedures (CSOP) - ISO 27002
• Procedures (CSOP) - NIST 800-53 R5 (moderate)
• Procedures (CSOP) - NIST 800-53 R5 (high)
• Procedures (CSOP) - DSP & SCF Version

• C-SCRM Strategy & Implementation Plan (C-SCRM SIP)

• NIST 800-171 Compliance Program (NCP): CMMC Level 2
• NIST 800-171 System Security Plan (SSP) Template

• Risk Management Program (RMP)
• Cybersecurity Risk Assessment (CRA) Template
• Cybersecurity Business Plan (CBP)

• Data Privacy Program (DPP)
• Secure Engineering & Data Privacy (SEDP) Program
• Information Assurance Program (IAP)

• Vulnerability & Patch Management Program (VPMP)
• Secure Baseline Configurations (SBC)

• Integrated Incident Response Program (IIRP)
• Continuity of Operations Plan (COOP)

• SAQ A - PCI DSS v4.0 - Policies & Standards
• SAQ A-EP - PCI DSS v4.0 - Policies & Standards
• SAQ B - PCI DSS v4.0 - Policies & Standards
• SAQ B-IP - PCI DSS v4.0 - Policies & Standards
• SAQ C - PCI DSS v4.0 - Policies & Standards
• SAQ C-VT - PCI DSS v4.0 - Policies & Standards
• SAQ D-Merchant - PCI DSS v4.0 - Policies & Standards
• SAQ D-Service Provider - PCI DSS v4.0 - Policies & Standards