An Arlington Case Study

DoD Continuous Monitoring

Our Goal

Assist a small (56 employees) defense contractor (client) based in Washington State in developing a Department of Defense (DoD) specific Continuous Monitoring program for eMASS reporting.

Arlington Security Portal

Get Access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client had won a significant contract with the DoD, and had also successfully completed their eMASS submission and earned Authorization to Operate (ATO), but was concerned about annual continuous monitoring efforts. Additional challenges included the following:
  • Unclear as to the Scope of Continuous Monitoring: The client was unclear as to what specific systems and controls needed to be monitored, in what capacity, and how to document and report on such efforts.
  • No Experience with Continuous Monitoring: The client had no experience with the concept of continuous monitoring and was unsure how to even develop such a program.
  • Conflicting Viewpoints: Senior leadership and the IT department had different viewpoints on how to design and implement such a program, creating additional challenges.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Successfully defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Developed a highly customized continuous monitoring program consisting of a mixture of automated and manual controls that were aligned with the NIST SP 800-53 controls within eMASS.
  • Performed “dry run” exercises to ensure all personnel had a strong technical understanding of the continuous monitoring program and their respective roles and responsibilities.

Challenges Solved

  • Implementation of a true continuous monitoring program as required by specific eMASS DoD guidelines.
  • Development of all required supporting information security and cybersecurity policies and procedures to help ensure the full and proper execution of the continuous monitoring program.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Developed and implemented a highly structured continuous monitoring program with formalized and well-documented internal controls.
  • Successfully met the rigorous DoD compliance requirements relating to continuous monitoring.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense.
