Documentation
HECVAT Lite v3.0.6
Documentation
DOCU-05

Question DOCU-05

Can the systems that hold the institution's data be compliant with NIST SP 800-171 and/or CMMC Level 2 standards?

Weight10
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

A HECVAT Full is recommended if this level of full NIST SP 800-171 compliance is required for the application.

Answering "NO"

Describe any plans to provide NIST SP 800-171 or CMMC Level 3 services.

Answering "YES"

Indicate level, Supplier Performance Risk System (SPRS) Score or certification information.

Reason for Question

For institutions that collaborate with the United States government, FISMA compliance may be required.

Follow-Up Inquiries

Follow-up inquiries for FISMA compliance will be institution/implementation specific.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]

DOCU-04DOCU-06