This 5:33 video discusses the ACR 2 Cybersecurity Risk Management System that allows small (up to 50 staff) federal contractors to create a fully documented NIST 800-171 cybersecurity program in less than 30 hours. First year compliance costs, excluding any hardware that might be needed, are less than $5,000 (see Services and Pricing page).
3 minute Boot Camp provisioning and start-up video - access at https://attendee.gotowebinar.com/recording/6276660389605003009
NIST 800-171 SSP and POAM updates in one hour - https://www.youtube.com/watch?v=yuJjnZwz03s&t=2s
GT-pac review of NIST 800-171 requirements - https://youtu.be/QaRaqJR8ykg
Final DOD cybersecurity requirements for handling Controlled Unclassified Information (CUI) - https://www.federalregister.gov/documents/2016/10/21/2016-25315/defense-federal-acquisition-regulation-supplement-network-penetration-reporting-and-contracting-for
November 2018 DOD Contract Officer guidance - https://www.acq.osd.mil/dpap/pdi/cyber/docs/Assess%20Compliance%20and%20Enhance%20Protection%20of%20Contractor%20System%20%20with%20Attachments%2011-6-2018.pdf
Video 20:23 - NIST favorable review of ACRMS for CUI cybersecurity compliance.