Fortivus
Your Security Environment
We'll map your current practices to all 110 NIST 800-171 controls. This takes about 5 minutes. Honest answers get more accurate results.
Company Name
Primary cloud provider(s)
AWS
Azure
AWS GovCloud
On-premise only
No cloud
How many employees have access to CUI (Controlled Unclassified Information)?
1–10
11–50
51–200
200+
Access Control & Authentication
How you manage who gets access to what.
Do you use Multi-Factor Authentication (MFA) for all users?
Yes, all users
Admins only
Partially deployed
Not in use
How is remote access controlled?
VPN + MFA
VPN only
Zero trust / ZTNA
No controls
Do you enforce least-privilege / role-based access control?
Yes, fully enforced
Partially (some shared accounts)
No formal RBAC
Password policy — minimum complexity enforced?
Yes, strong policy (12+ chars, complexity)
Basic policy (8+ chars)
No enforced policy
How are privileged accounts managed?
Security Operations
Your monitoring, incident response, and vulnerability management practices.
Endpoint protection — what's deployed?
EDR (CrowdStrike, SentinelOne, etc.)
Traditional AV
MDM for mobile
Nothing deployed
Do you have a SIEM or centralized log management?
Yes, full SIEM (Splunk, Sentinel, etc.)
Log aggregation only
Cloud-native logs only
No centralized logging
Vulnerability scanning — how often?
Continuous
Weekly
Monthly
Quarterly
No scanning
Incident response plan — current state?
Documented + tested
Documented only
Informal process
None
Security awareness training for staff?
Annual training + phishing sims
Annual training only
Onboarding only
No formal training
Data Protection & Physical Security
CUI handling, encryption, media control, and physical safeguards.
How is CUI encrypted at rest?
Full disk encryption (AES-256)
Partially encrypted
Cloud-managed defaults only
Not encrypted
How is CUI encrypted in transit?
TLS 1.2+ everywhere
Partially enforced
Not consistently enforced
Removable media controls (USB, external drives)?
Blocked at endpoint
Encrypted USB only
Policy only (honor system)
No controls
Configuration management — do you maintain system baselines?
Automated (Ansible, Chef, SCCM)
Documented baseline, manual enforcement
Informal / ad hoc
None
Physical security — what protects CUI systems?
Badge/key access controls
CCTV cameras
Visitor logs
Locked office only
Fully remote (no physical office)
System Security Plan (SSP) — current status?
Complete and current
In draft
Don't have one
Anything else about your security posture we should know?
Analyzing 110 NIST 800-171 Controls
Our AI compliance officer is reviewing your security environment...
Mapping access controls (AC family)
Reviewing audit & accountability (AU)
Checking identification & authentication (IA)
Evaluating system protection (SC family)
Assessing configuration management (CM)
Compiling gap analysis & recommendations
NIST 800-171 Compliance Assessment
—
Met
Controls Met
—
Partially Met
—
Not Met
—
Total Controls
110
Control Family Breakdown
Click any family to drill down into individual controls.
What's Next?
Your gap report is ready. Fortivus can generate a full System Security Plan and remediation roadmap to close these gaps.