I’ll try and make it short.
My primary role is engineering but I’m also the one that handles all the computer systems and networking.
We went through the whole 800-171 thing a few years ago and it literally just ran on the honor system. I know, I sat through a whole 4-hour presentation right alongside people from Lockheed, Grumman, L3, and all the other big players.
So I went through the entire 800-171 handbook line by line and implemented everything I knew I could reasonably handle on my own.
I also contracted a local IT firm who did not specifically deal with 800-171, but because of their experience in numerous other high security environments and our tightness on funds at the time they were willing to help us out.
They set us up with an on-prem Active Directory server and set up all the group policies for our network folders exactly how we wanted and even gave me some quick training on how to edit the policies and add/remove users and new systems, etc.
So while we should still be fine, our largest customer is wanting our systems to be “verified” preferably by a 3rd party. While I’m fairly confident in what we have, I’m unwilling to put my name on something I’m not actually trained in, and with no input from someone who is, especially when it comes to govt work.
But the big problem comes into play when every single company we have contacted that does this just wants to shove everything into Office365 and Azure and call it a day…
Not only do we not want to operate “in the cloud” but as soon as we mention that some of the stuff is ITAR controlled they tell us that part can just stay on our current server…which then begs the question that if our current servers are good enough for the ITAR stuff, then why move any of it?
This whole situation is driving me nuts and I now have less than a month to figure it out or we’re going to begrudgingly pay some company almost $4k to move our stuff into the cloud, and fill out some paperwork for us.
Full disclosure: it’s a family-owned business and I am the son of the owner and have been with the company for nearly 20 years. So we’re not some big corporate entity and I’m not being pressured into cutting corners or anything like that. None of us want to use cloud services, especially me and my dad.