Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

Data Mapping Case Study

Our Goal

Assist a medium-sized (563 employees) defense contractor (client) based in Northern Virginia with data mapping to ensure the client has a complete understanding of their entire data lifecycle.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client, a well-known defense contractor, had multiple business lines with dozens of current contracts currently in place with the Department of Defense (DoD). Additional challenges included the following:
  • No Data Mapping Measures in Place: The client had never undertaken any type of meaningful data mapping exercise with regards all of their business lines.
  • Unsure of the Types and Categories of Data. From unclassified to classified and top secret data, the client had no formalized data categorization modeling in place.
  • Unsure of the Legal Requirements for Data Protection and Retention: There were conflicting views in terms of how data should be protected, how long it should be kept, and what the actual disposal practices were.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Met with senior leadership and provided a complete strategy and plan-of-attack for designing, deploying, and implementing a robust, data mapping exercise from the ground up.
  • Met with key stakeholders within various departments/divisions for the organization, earning acceptance and support for what would be an aggressive timeframe for project implementation and completion.
  • Identified gaps and deficiencies within the client’s information security, cybersecurity, data privacy, and H.R. and operational control environment, offering expert recommendations on remediation and next-steps.

Challenges Solved

  • Successfully remediated security, technical, and operational control gaps found during the initial data mapping assessment activities.
  • Corrected all known control deficiencies relating to the organization’s entire data lifecycle, resulting in a significant improvement regarding the safety and security of information systems and other assets that store, process, and transmit data.
  • Put in place a highly customized data privacy program, complete with a new data categorization system that fully met the client’s needs and overall expectations.
  • Conducted in-house training to all stakeholders on how to execute the data categorization program to all external suppliers.
  • Developed all required data privacy program documentation, complete with policies, procedures, and processes.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the importance of sound data governance practices.
  • Data privacy, data mapping, data categorization - in essence, the broader topic of data governance - was now viewed in a multi-dimensional value proposition that not only helps with stronger information security, but with enhanced business development opportunities, and increased client satisfaction and other related measures.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Sidebar

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Services Rendered


Related Case Studies