Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

An Arlington Case Study

CMMC Case Study

Our Goal

Assist a small (56 employees) defense contractor (client) with becoming CMMC compliant as required by a prime contractor who was offering direct services to the Department of Defense (DoD).

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

Per contractual requirements, the client needed to become CMMC compliant for two (2) specific services they were offering to a DoD prime contractor. Additional challenges included the following:
  • No Real Experience with CMMC: Historically, the client had never been formally asked to report on any type of DoD compliance mandate (i.e., DFARS NIST 800-171, etc.). As such, they had no experience with the CMMC framework.
  • Weak Security Documentation: With the exception of a handful of corporate-wide security policies, the client had no existing InfoSec, cybersecurity, or data privacy policies and procedures in place specific to CMMC reporting.
  • Inadequate Security and Operational Controls: The client had notable deficiencies with critical security and operational controls when mapped against the CMMC framework.
  • Missing Security & Compliance Tools and Solutions: CMMC compliance required implementation of various security tools and solutions, none of which the client had in place.
  • No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had any real history of managing a federal compliance engagement such as CMMC.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified CMMC control gaps and deficiencies, offering expert recommendations on remediation and next-steps.

Challenges Solved

  • Developed all-new CMMC specific information security policies and procedures documentation, those based on NIST SP 800-53.
  • Conducted in-house security awareness training.
  • Established and put into operations an all-new cyber incident response and reporting program as required by the DoD for reporting breaches within a 72-hour period.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
  • Successfully met the rigorous compliance requirements of CMMC.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Sidebar

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Services Rendered

Related Case Studies