
CP and IR Case Study

Our Goal

Assist a medium-sized (216 employees) defense contractor (client) based in Falls Church, Virginia with developing customized contingency planning and incident response programs, and with performing tabletop exercises against both plans.

Arlington Security Portal

Get Access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client, while successful in obtaining numerous contracts as a subcontractor to a number of primes, had no formalized policies and procedures relating to contingency planning and incident response - two (2) critical domains within the NIST 800-53 guidelines. Additional challenges included the following:
  • No Security Documentation: The client had never taken the time to develop security policies and procedures. As such, they had no formalized policies relating to any of their information security, cybersecurity, and data privacy practices.
  • Lack of Compliance Culture: Nobody in the organization seemed to care enough about security and compliance to take on a lead role in spearheading such initiatives. As a result, the organization lacked leadership, which resulted in weak support from the CEO, CFO, and COO.
  • Lack of Expertise: While the client finally understood the importance of contingency planning and incident response, they lacked the internal expertise to design, develop, and implement such plans.
  • Unfamiliar with NIST RMF: While the client had significant contracts with a number of federal agencies, they had, surprisingly, no familiarity with the NIST Risk Management Framework (RMF).

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Successfully defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
  • Developed fully customized incident response and contingency planning program documentation, complete with documented policies, procedures, and processes.
  • Conducted in-house security awareness training for all employees on the importance of incident response reporting and contingency planning, and on everyone’s roles and responsibilities.
  • Performed incident response and contingency planning tabletop exercises to help determine the client’s actual readiness.
  • Established and put into operation an all-new cyber incident response and reporting program as required by the DoD.

Challenges Solved

  • Established and put into operation an all-new cyber incident response and reporting program as required by the DoD.
  • Successfully met strict regulatory compliance reporting mandates that required such programs be in place (i.e., FISMA, DFARS NIST 800-171, CMMC).

Value Created

  • Helped put in motion a corporate culture that now understands, respects, and truly values the concept of information security.
  • Created a true awareness among employees of the growing cyber threat landscape that can affect their organization in a detrimental way.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.
