Our Goal

Assist a small (68 employees) defense contractor (client) based in Arlington, Virginia to earn Authority to Operate (ATO) through the Enterprise Mission Assurance Support Service (eMASS) portal for its Multi-User Standalone (MUSA) system that supports critical NAVY intelligence operations.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

Challenges & Needs

The client had never been through any type of rigorous, government mandated compliance program such as eMASS for information security. Additional challenges included the following:

Missing Corporate Compliance culture: There was no existing compliance officer to oversee the eMASS compliance project. Additionally, senior management was frustrated by what they saw as a very costly and time-consuming endeavor.
No Information Security Policies and Procedures: The client had no documentation in place when it came to information security policies and procedures. Additionally, there were no formal procedures in place for incident response reporting and business continuity and contingency planning.
Inadequate Security and Operational Controls: Along with weak security documentation, the client had notable deficiencies with critical security and operational controls when mapped against the NIST SP 800-53 controls within eMASS.
Missing Security & Compliance Tools and Solutions: eMASS compliance required implementation of various tools, such as two-factor authentication, File Integrity Monitoring (FIM), data marking/tagging solutions, and more – all of which the client did not have in place.
No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had any experience in managing a federal compliance engagement like eMASS.

Our Solution

Arlington successfully implemented the following strategies and solutions:

Successfully defined project scope, including roles and responsibilities for all internal personnel at the client.
Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next-steps.
Initiated contact with external vendors for determining third-party compliance requirements.
Began authoring an all-new set of NIST SP 800 specific information security policies and procedures documents
Conducted in-house security awareness training, along with in-house insider threat training.

Challenges Solved

Implementation of a true compliance framework in accordance with eMASS reporting.
Developed all required information security policy documentation.
Successfully remediated all technical and security controls that previously had notable gaps.
Client granted Authorization to Operate (ATO) designation.

Value Created

Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
Successfully met the rigorous DoD compliance requirements of eMASS.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Sidebar