Version 2.2 (31 August 2020) of the Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM) clearly states that “Federal agencies have adopted the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) as a common set of guidelines for the Assessment and Authorization (A&A) of Information Systems (IS).”
And likewise, “The Defense Counterintelligence and Security Agency (DCSA) adopted these standards in an effort to streamline and build reciprocity across all federal agencies and to ensure all cleared contractor systems that process classified information as part of the National Industrial Security Program (NISP) are authorized under the RMF A&A process.”
Dig a little deeper, and what it really means is that cleared industry will need to adopt and implement the controls from NIST SP 800-53, Revision 4 (and now Revision 5) with regard to the A&A process. A core component of successfully integrating the lengthy set of NIST SP 800-53 controls into one’s environment is developing all the required policies, procedures, plans and programs that accompany each respective control family.
100+ NIST 800-53 Templates Available for Download for Cleared Industry
The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry-leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.
From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS
With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO. Core services and solutions offered include the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Completion of eMASS Export Control Spreadsheets
- Continuous Monitoring (ConMon) Services
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.