• Familiarity with eMASS, the NIST RMF A&A system of records: This means that all personnel working in eMASS should go through training as the eMASS system itself can be challenging at times, especially if it’s your first time.
• Complexity of the Environment: Your environment - SUSA, MUSA, connected network, etc. - will also dictate the amount of time needed to work through the entire process.
• Technical Competency of ISSOs/ISSMs: The more experienced they are in working with STIGs and SCAP tools, the better.
• Maturity Level of Policies, Procedures, Programs, and Plans: The NIST RMF A&A process relies heavily on documentation - specifically - policies, procedures, programs, and plan requirements derived from NIST SP 800-53. If you’re lacking in this area - like most in industry - then this can be a time-consuming process.

100 + NIST 800-53 Templates Available for Download for Cleared Industry

The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.

From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS

The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.

From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS

With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO.  Core services and solutions offered include the following:

• Scoping & Gap (i.e., Readiness) Assessments
• Remediation Services (Policy and Procedures writing)
• Remediation Services (Technical and Operational)
• System Security Plan (SSP) Development
• Completion of eMASS Export Control Spreadsheets
• Continuous Monitoring (ConMon) Services

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at arlingtonintel.com.