Our Goal

Assist a specialized division for a large defense contractor (client) based in Southern California (SoCal) with multiple needs relating to regulatory compliance, cybersecurity, and data privacy.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

Challenges & Needs

The client had a two-fold challenge; comply with FISMA, DFARS NIST 800-171, and CMMC, while also providing evidence of such compliance efforts to the Department of Defense (DoD). Additional challenges included the following:

Missing Corporate Compliance Culture: As large and well-known as the client was, their specialized division had no experience with regulatory compliance on the scale now being required of them by the DoD.
No Information Security Policies and Procedures: There was no documentation in place relating to information security and cybersecurity. Additionally, none of the personnel within the specialized division had any experience in drafting policies and procedures.
Inadequate Security and Operational Controls: Along with no documentation, the client had notable deficiencies with critical security and operational controls when mapped against the FISMA, DFARS NIST 800-171, and CMMC frameworks.
Missing Security & Compliance Tools and Solutions: FISMA, DFARS NIST 800-171, and CMMC compliance required implementation of various tools, such as two-factor authentication, File Integrity Monitoring (FIM), data marking/tagging solutions, and more – all of which the client did not have in place.
No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had history of managing a FISMA, DFARS NIST 800-171, and CMMC engagement.

Our Solution

No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had history of managing a FISMA, DFARS NIST 800-171, and CMMC engagement.

Defined project scope, including roles and responsibilities for all internal personnel at the client.
Identified gaps and deficiencies within the client’s control environment relating to FISMA, DFARS NIST 800-171, and CMMC, offering expert recommendations on remediation and next-steps.
Established and put into operations an all-new cyber incident response and reporting program as required by the DoD.

Challenges Solved

Implementation of a true compliance framework in accordance with FISMA, DFARS NIST 800-171, and CMMC.
Developed all required information security policy documentation in accordance with NIST.
Successfully remediated all technical and security controls that previously had notable gaps.
Issued multiple System Security Plans (SSP) to the client, allowing them to showcase compliance to the Department of Defense (DoD), and to other prospects as evidence of internal control compliance with FISMA, DFARS NIST 800-171, and CMMC.

Value Created

Put in place a corporate culture that now understands, respects, and truly values the concept of information security, cybersecurity, data privacy, and regulatory compliance.
Developed and implemented a highly respected regulatory compliance framework formalized and well-documented internal controls
Successfully met the rigorous DoD compliance requirements of FISMA, DFARS NIST 800-171, and CMMC.
Successfully integrated into the organization a “security first” mindset in everything they do.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.