Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

An Arlington Case Study

CUI Case Study

Our Goal

Assist a medium-sized (526 employees) defense contractor (client) based in Texas in better understanding, documenting, and mapping, all Controlled Unclassified Information (CUI) within their environment.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client, a well-known defense contractor, had five (5) active contracts currently in place with the Department of Defense (DoD). Additional challenges included the following:
  • No Data Mapping Measures in Place: The client had never undertaken any type of meaningful CUI data mapping exercise with regards all of their business lines.
  • Unclear Understanding of CUI. No uniform consensus existed amongst leadership as to what CUI actually was, both electronically and in hard-copy format.
  • Unsure of the Legal Requirements for Data Protection and Retention: There were conflicting views in terms of how CUI, both digital and hard-copy format, should be protected, how long it should be kept, and what the actual disposal practices were.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Met with senior leadership and provided a complete strategy and plan-of-attack for helping the client gain a stronger understanding of all aspects of CUI within their environment.
  • Met with key stakeholders within various departments/divisions for the organization, earning acceptance and support for what would be an aggressive timeframe for project implementation and completion.

Challenges Solved

  • Successfully educated all key stakeholders on exactly CUI, the importance of protecting it, along with numerous other issues.
  • Identified all known categories of CUI within the client’s environment, along with creating process flow documentation showing how CUI is collected, stored, used and, ultimately, destroyed, as needed.
  • Developed comprehensive CUI policies and procedures, and conducted additional training seminars to key stakeholders on the various regulatory and contractual requirements relating to the safeguarding of CUI.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the importance of sound CUI practices.
  • The broader topic of CUI was now viewed in a multi-dimensional value proposition that not only helps with stronger information security, but with enhanced business development opportunities, and increased client satisfaction and other related measures.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Services Rendered

Related Case Studies