Version 2.2 (31 August 2020) of the Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM) mentions the phrase "incident response” twenty-six times, and for good reason. It is a strict requirement for cleared industry to have in place a number of critical measures relating to incident response. And while the DAAPM does provide a template via Appendix Q regarding incident response, what cleared industry needs is a thorough, comprehensive, easy-to-use incident response plan, and that’s exactly what we offer at the Arlington Security Portal (ASP).
With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO.
An Incident Response Plan (IRP) is one of the most fundamentally important documents to have in place, and DCSA will want to thoroughly review your IRP. With that said, you’ll need to have in place a company-wide approved IRP, one that includes required DoD guidelines, and that covers the in-scope information system, or a stand-along IRP for the specific in-scope system. If you do not have an IRP in place, or, if your company-wide IRP does not include coverage for the in-scope Information system, DCSA recommends (and more realistically, “expects”), cleared contractors to follow the DAAPM Appendix Q for IRP. Additionally, your IRP should contain specific measures relating to Spills (Appendix R) and Sanitization (Appendix S).
Per a recent presentation by DCSA personnel,
- “IRPs are approved in conjunction with the Information System unless a separate one was submitted and approved at the corporate level.”
- “Do your processes involve remote cleanup with remote workers? Remote aspects of your cleanup should be clear in the submitted IRP.”
- “DCSA expects cleanup to follow DAAPM guidance at a minimum as documented in your IRP.”
Download Incident Response Toolkit Today
At Arlington, we offer an In-depth, comprehensive, professionally developed incident response toolkit that includes an actual incident response plan consisting of documentation on all essential subject matter for developing an incident response plan as required by NIST SP 800-53, Revision and Appendix Q of the DCSA DAAPM. Additionally, the incident response toolkit also includes an insider threat training manual for download also.
Specifically, the incident response plan Includes complete coverage of the following incident response steps/phases: Preparation, Detection, Initial Response and Containment, Security Analysis | Recovery and Repair, Communication, Post Incident Activities and Awareness, Monitoring, Reporting of Suspected Incidents, Training , Testing, and other related activities.
100 + NIST 800-53 Templates Available for Download for Cleared Industry
The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5. As for eMASS, we can assist with the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Completion of eMASS Export Control Spreadsheets
- Continuous Monitoring (ConMon) Services
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.