This attestation is provided by Excelitas IT Governance Risk and Compliance (GRC), an internal assessment organization of Excelitas, to attest that it has validated that the Excelitas Organization system conforms to the NIST CSF and NIST SP800.171 rev.1 controls and practices, and as defined in the CMMC for Improving Critical Infrastructure Cybersecurity, Version 2, dated December 3, 2021.
The NIST CSF was created as a result of Presidential Executive Order 13636 and provides a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses. While the NIST CSF is intended as guidance only, Excelitas leverages and tailors the CSF to best suit its risks, situations, and needs. Excelitas has proactively taken this approach by creating a security posture scoring matrix using the DoD scoring methodology and mapping the security practices to the Excelitas Cyber Security Policies. The security posture scoring matrix was created by the Excelitas team to demonstrate alignment of the NIST SP800.171 r1 security practices and Excelitas internal security policies.
Excelitas GRC (Governance Risk and Compliance) conducted the internal assessment using the NIST SP800.171A assessment guide and noted that the security practices and controls were assessed and accounted for in the security posture matrix and aligned with corresponding NIST security control requirements. GRC documented the Excelitas responsibility for implementation of the identified security control(s), as well as any applicable customer responsibility. GRC leveraged the CMMC Version 2/NIST SP800-171A, which includes guidance and assessment criteria in protecting FCI (Federal Contract Information) and CUI (Controlled Unclassified Information). These additions provide further assurance of key cybersecurity outcomes for managing potential risk.
As a result of the GRC internal assessment and understanding of the Excelitas environment, we have determined that Excelitas has demonstrated alignment of the Excelitas organizational system to the NIST CSF, NIST SP800.171r1 and implementation of referenced security controls.
Chief Information Officer