Our Goal
Assist a small (109 employees) defense contractor (client) based in Austin, Texas in becoming compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) NIST SP 800-171 reporting requirements.
Arlington Security Portal
Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.
Challenges & Needs
The client had no prior experience with compliance reporting to the Department of Defense (DoD), as the DFARS NIST SP 800-171 framework was new (at that time, in 2016-2017), to all DoD contractors throughout North America. Additional challenges included the following:
- Missing Corporate Compliance Culture: Senior I.T. and operational staff had no prior experience in performing any type of compliance assessment, such as collecting audit evidence, working with third-party assessors, producing compliance reports, and more.
- Antiquated Information Security Policies and Procedures: Information security policies and procedures existed, yet they were old and had not been updated in years. When asked what initiatives were in place for updating their InfoSec documents, the client expressed little interest in doing so, primarily due to lack of manpower and policy-writing expertise.
- Inadequate Security and Operational Controls: Along with weak security documentation, the client had notable deficiencies in critical security and operational controls when mapped against the NIST SP 800-171 framework.
- Missing Security & Compliance Tools and Solutions: NIST 800-171 compliance required implementation of various tools, none of which the client had in place. Additionally, the client had little knowledge of which vendors to reach out to.
- No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had any real history of managing a federal compliance engagement.
Our Solution
Arlington successfully implemented the following strategies and solutions:
- Defined project scope, including roles and responsibilities for all internal personnel at the client.
- Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
- Initiated contact with seven major software vendors, allowing our client to choose the best products for their operations.
Challenges Solved
- Developed all-new information security policies and procedures documentation.
- Conducted in-house security awareness training.
- Established and put into operation an all-new cyber incident response and reporting program, as required by the DoD.
- Implemented a true compliance framework in accordance with DFARS NIST SP 800-171.
- Successfully remediated all technical and security controls that previously had notable gaps.
- Issued a System Security Plan (SSP) to the client, allowing them to showcase compliance to the Department of Defense (DoD) and to present it to other prospects as evidence of internal control compliance with NIST SP 800-171.
Value Created
- Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
- Developed and implemented a highly respected regulatory compliance framework with formalized, well-documented internal controls.
- Successfully met the rigorous DoD compliance requirements of DFARS NIST SP 800-171.
Why Arlington?
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.