Our Goal
Assist a medium-sized (700 employees) defense contractor (client) based in Long Island, New York in developing comprehensive information security documents, programs, and plans in support of their regulatory compliance and cybersecurity mandates.
Arlington Security Portal
Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.
Challenges & Needs
The client had no prior experience with compliance reporting to the Department of Defense (DoD), as the DFARS NIST SP 800-171 framework (at that time, in 2015 - 2016) was new to all DoD contractors throughout North America. Additional challenges included the following:
- Missing Compliance Culture: Other than performing an informal risk assessment, the client had no formal exposure to federal regulatory compliance. As a result, senior I.T. and operational staff had no prior experience in performing any type of compliance assessment, such as collecting audit evidence, working with third-party assessors, producing compliance reports, and more.
- Antiquated Information Security Policies and Procedures: Information security policies and procedures existed, yet they were old and had not been updated in years, essentially rendering them ineffective for any type of meaningful mapping to the NIST SP 800 standards.
- Inadequate Security and Operational Controls: Along with old policy documents, the client also lacked structured processes and procedures relating to a number of strict NIST reporting requirements, such as incident response, contingency planning, and more.
- Missing Security & Compliance Tools and Solutions: The client was also missing a number of essential security tools and solutions, such as two-factor authentication, file integrity monitoring, data loss prevention, and more.
- No Project Management Experience for Compliance: None of the internal I.T. and operational staff had any real history of managing a federal compliance engagement, especially NIST SP 800-171.
Our Solution
Arlington successfully implemented the following strategies and solutions:
- Successfully defined project scope, including roles and responsibilities for all internal personnel at the client.
- Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
- Initiated contact with five major software vendors, allowing our client to choose the best products for their operations.
- Established and put into operation an all-new cyber incident response and reporting program, as required by the DoD.
- Established contact and strong working relationships with all in-scope third-party vendors (i.e., managed security services providers).
Challenges Solved
- Implemented a true compliance framework in accordance with the NIST RMF.
- Developed all required security policies and procedures against the NIST SP 800-53 publication.
- Successfully remediated all technical and security controls that previously had notable gaps.
- Issued a System Security Plan (SSP) to the client, allowing them to showcase compliance to the Department of Defense (DoD) and to other prospects as evidence of internal control compliance with NIST SP 800-171.
Value Created
- Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
- Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
- Successfully met the rigorous DoD compliance requirements of DFARS NIST SP 800-171.
Why Arlington?
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.