NISP eMASS DAAPM DCSA | Tips and Advice on the Assessment & Authorization (A&A) Process

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Here are some helpful tips and advice when it comes to the Assessment & Authorization (A&A) Process within eMASS for cleared contractors.

When inputting information for your System Security Plan (SSP), along with entering data into the lengthy MS Excel “Export” spreadsheets, pay close attention to the details and do not make errors.
Understand the difference between Not Applicable (NA) and Non-Compliant (NC). Not Applicable controls are out of scope, do not require testing, and do not require ConMon measures. Non-Compliant require Plan-of-Action and Milestones (POAM) entries.
On the subject of ConMon, per DCSA, “Continuous Monitoring (ConMon) is an important aspect of the overall security because it communicates to DCSA how controls are going to be assessed for continued effectiveness over time.”
Remember that Test Results are not Implementation Narrative details or ConMon activities. Per DCSA, Test Results are “...a summary of the actions that have already taken place to validate that controls have been effectively implemented.”

100 + NIST 800-53 Templates Available for Download for Cleared Industry

The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.

From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS

With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO. Core services and solutions offered include the following:

Scoping & Gap (i.e., Readiness) Assessments
Remediation Services (Policy and Procedures writing)
Remediation Services (Technical and Operational)
System Security Plan (SSP) Development
Completion of eMASS Export Control Spreadsheets
Continuous Monitoring (ConMon) Services

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

DoD Strategy & Advisory

FedRAMP for DOD Contractors

TPRM & Supply Chain

NISP eMASS DCSA

Cybersecurity

Config. Mgmt.

NIST 800-171

Data Privacy

DoD Cloud Security

CMMC

vCO & vCISO

Awareness / Threat Training

Risk Assessments

FISMA

CP & IR

Non-DoD NIST RMF

About Arlington

Expertise

Focus

Values

DoD Briefs

Case Studies

FAQ's

NISP eMASS DAAPM DCSA | Tips and Advice on the Assessment & Authorization (A&A) Process

Arlington Security Portal

Arlington Security Portal

More Blog Posts

DoD Establishes the Defense Management Institute (DMI), a non-profit, non-partisan Research Organization

U.S. Navy Pushes Forward with Cyberspace Superiority Vision (CSV)

NIST Cybersecurity Framework 2.0 Concept Paper Published for "Potential Significant" Updates in Near Future

SERVICES

RESOURCES

ABOUT