
Cybersecurity & Compliance Capabilities


NIST SP 800-171 Compliance 


MEMCO is fully aligned with the requirements of NIST Special Publication 800-171 for the protection of Controlled Unclassified Information (CUI), as mandated by DFARS 252.204-7012. Our internal security program includes a formally documented and maintained System Security Plan (SSP) and Plan of Action and Milestones (POA&M), which are actively updated in accordance with federal guidance.

 

  • Self-Assessment Score (NIST 800-171): 102 out of 110
  • Assessment Scope: Enclave – MEMCO’s business systems used for managing DoD CUI
  • SPRS Submission: Completed and filed
  • CUI Environment: Hosted in Microsoft 365 GCC (FedRAMP Moderate, US Sovereign Cloud)
  • Security Measures: Email and file encryption, multi-factor authentication, access controls, and audit logging for all CUI-handling systems
  • Documentation Available Upon Request: SSP, POA&M, CUI handling procedures, security awareness program outline

     

FAR 52.204-21 Compliance 
MEMCO also meets the requirements of FAR 52.204-21 (“Basic Safeguarding of Covered Contractor Information Systems”), which mandates 15 basic cybersecurity safeguards for any federal contractor system that processes federal contract information (FCI).

 

  • Self-Assessment Score (FAR 52.204-21 baseline): PASS
  • Security Posture: Includes safeguards for physical access control, information system monitoring, user authentication, incident response procedures, and secure remote access.

     

Security Governance & Risk Management 
MEMCO maintains a proactive internal cybersecurity governance program, which includes regular employee security training, risk assessments, supply chain review procedures, and incident response plans aligned with CMMC Level 2 preparedness standards.
