Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

NISP eMASS DAAPM DCSA Requirements for Performing a Tier 3 Risk Assessment

DoD & Cleared contractors in industry are required to perform, at a minimum, an annual risk assessment, and one that is specific to an actual ‘system’. While the DCSA DAAPM, and other related DoD documentation provides examples of a risk assessment (i.e., Risk Assessment Report – Appendix C of the DAAPM), they do not provide detailed information – and examples – of the threat sources. Developing and documenting such information can be time-consuming.

This initial assessment will be a Tier 3 or “information system level” risk assessment. While not entirely comprehensive of all threats and vulnerabilities to the system, this assessment will include any known risks related to the incomplete or inadequate implementation of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls selected for this system.

Risk Management Strategy and Risk Assessment Program - DoD & Cleared Contractors

In-depth, comprehensive, professionally developed risk management strategy and risk assessment program that includes documentation on all essential subject matter for developing a risk management strategy, along with performing a risk assessment as required by NIST SP 800-53, Revision 5.

100 + NIST 800-53 Templates Available for Download for Cleared Industry

The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.

With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO.  Core services and solutions offered include the following:

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at