NIST SP 800-171 controls in ACVITS LAW

ACVITS’s security strength can benefit your firm on compliance. The application uses bank-level encryption on data. ACVITS LAW, document management repository system installs under your organization’s FedRAMP certified AWS GovCloud account.

AWS is already compliant with these guidelines, and customers can effectively comply with NIST 800-171.

ACVITS LAW on AWS GovCloud (US) Region

The application is designed to address the specific regulatory needs of United States federal, state and local agencies, education institutions and the supporting ecosystem.

  • The application installation and configuration is easy and can go-live in 4 hours.
  • Pay as you go license subscription model, where customer always have control.
  • Customer support from AWS and OOAC team.

The benefits of running ACVITS on AWS GovCloud (US) Region:

  • Subject to FedRAMP High and Moderate baselines
  • Allow customers to host sensitive Controlled Unclassified Information (CUI) and all types of regulated workloads
  • Operated by employees who are U.S. citizens on U.S. soil
  • Only accessible to vetted U.S. entities and root account holders, who must confirm they are U.S. Persons to gain access


The Requirements/Controls in 14 Areas (families) in ACVITS

NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

Access Control

This area (family) addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the AC family. ACVITS built on the principles of least privilege offers comprehensive capabilities to limit system access.

Awareness and Training

ACVITS runs on FedRAMP certified AWS GovCloud. AWS security training can enhance an organization’s security capability. ACVITS application Security Awareness and Training Program can guide building effective information technology (IT) security program and supports requirements.  OOAC customer support can provide an effective security awareness program on ACVITS LAW Document management system.

Audit and Accountability

ACVITS offers comprehensive audit log on user activities. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

Configuration management

Customers can use AWS Config to determine how a resource was configured at any point in time, to view resource dependencies, and to send notifications when the resource configuration changes

Identification and Authentication

ACVITS security architecture includes two-factor authentication, captcha, prevent reuse of identifiers for a defined period, and limit access to identified devices.

Incident Response

Customers can benefit from AWS white paper on security incident response. The foundation of a successful incident response program in the cloud is to educate, prepare, simulate, and iterate.


Our application maintenance communication will provide information required in the organizational policy and procedures for maintenance. It can assist in the purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Media Protection

ACVITS uses bank-level encryption on data during transit and rest. AWS GovCloud FedRAMP platform offers physical media layer protection. The system offers 99.999,999,999 percent durability on customer files. These built-in features offer powerful media protection.

Personnel Security

This is an organizational policy on access to information.

Physical Protection

This control applies to customer’s employees and visitors. Components of organizational information systems (e.g., workstations, tablets) may be located in designated areas.

System and Communication Protection

ACVITS offers comprehensive features to monitor, control and protect communications. Customer can define access boundary to a subnet. User can recall shared information at any time of their choice.  The bank-level encryption makes contents in transit and rest secure. By default, the shared data is view-only mode, thus protecting the information from unlawful download or transfer.

Risk Assessment

ACVITS application installs at the customer’s AWS GovCloud, that gives a clear perimeter definition. Also, the maintenance is vetted through a designated representative, such that risks can be assessed clearly.

System and Information Integrity

This internal control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the SI family.

Security Assessment

ACVITS subscriber can use Amazon Inspector to run security assessments on regulated workloads and sensitive data hosted on Amazon EC2 instances in the AWS GovCloud (US) region. Amazon Inspector is formally approved by the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB) as an approved vulnerability scanning tool for AWS services built on EC2.

Risk Free 30 Days Trial