To complete the NIST 800 form:
Step 1. Click on the Edit icon next to the name of the form you would like to edit or click directly on the form name in the Form Summary widget on your Dashboard page to redirect to the Form Details page.
NOTE: If this is the first time anyone in your organization is submitting the NIST 800 form using PIM, the Start button displays at the top of the page. If your organization already completed and submitted the form, or someone already started the form, there are two options to Click to Edit on this page.
Step 2. Click the Start button.
NOTE: If your organization already started or completed the form:
1. Select the Click to Edit button to edit the entire form.
2. Select the Edit button next to the desired section to edit individual sections.
Step 3. You are directed to the Welcome section of the form. In this section, click the Next button until you reach the Contacts page.
Step 4. Enter details for your organization's contacts.
NOTE: You can enter up to three contacts on this page, however, you are required to enter details for at least one contact for your organization.
Step 5. Once you are done entering details, click the Next button.
NOTE: This form consists of 14 control families, each of which have multiple capability questions, for a total of 110 questions. The first control family is Access Control. You are not required to answer each control family in the order they display, however, you must open and complete each question in every control family. Each capability question provides one of the following four answer options:
- Addressed with SSP & POAM
- Approved Exception (by DoD)
- Not Implemented
All questions in the NIST form are marked Not Implemented by default. If you do not update the selection the answer will remain as Not Implemented.
Step 6. Provide answers for each capability in every control family and continue to click the Next button until you reach the Additional Details page.
Step 7. On this page, provide an Expected Completion Date (ECD) for any capabilities your organization has not implemented, but does plan to implement.
NOTE: Select to Save & Exit if you wish to complete the form a later time.
Step 8. Click the Next button.
Step 9. On the Submission page, enter the details of the person submitting the form.
Step 10. Click the Send Response button to submit the form and send the response to the requesting Buyer.
NOTE: You can submit the form without responding to all the questions listed. You can see the progress in terms of percentage (%) complete in the Forms Table.
Step 11. A confirmation message displays. Click OK to confirm your form submission.
- You are redirected back to the Form Details page.
- Your form is immediately scored and scores display on this page. Scores and responses are also immediately made available to your Buyer.
- On the Form Details page, you are provided two scores in the Score Summary section and a score per each control family of the form.
- Scores displayed in the Score Summary section are representations of the following:
- A percentage score which represents all questions answered as Implemented and/or Approved Exception (by DoD)
- A percentage score which represents all questions answered as Implemented, Approved Exception (by DoD), and/or Addressed with SSP and POAM.
- Scores displayed for each control family represent the percentage of all question in the specific control, which were answered as Implemented, Approved Exception (by DoD), and/ or Addressed with SSP and POAM.