The Enterprise Project Management Office plays an important role when implementing NIST framework security controls and standards at an organization. NIST framework is voluntary for private sector. However, if an organization is maintaining controlled unclassified information (CUI) of the Government then NIST security and standards must be in place to safeguard the content.
The product that meets NARA’s archiving and retention policies with comprehensive audit capability is hard to find. The product ACVITS, (https://aws.amazon.com/marketplace/seller-profile?id=0e2c5bca-757e-424d-9151-2f696a63a99c) content management, and e-discovery system is perhaps the best product and only product available on subscription in the AWS GovCloud. The AWS GovCloud is a FedRAMP and NIST compliant cloud service. ACVITS with most STIG requirements already in, is designed to run from the AWS GovCloud platform. The product support very large file types, contents are encrypted at transit and rest. This intuitive application is easier to subscribe. It does an automatic backup, regular maintenance, and easier to operate makes it an affordable solution.