eMASS Case Study | Scoping & Gap Assessment

Our Goal

Assist a medium-size (312 employees) defense contractor (client) based in Arlington, Virginia with eMASS compliance by performing a much-needed scoping & gap assessment to determine the remediation steps needed to earn Authorization to Operate (ATO) status.

Arlington Security Portal

Get access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client had won a significant contract with the DoD, but had to meet the rigorous eMASS reporting requirements (and, ultimately, obtain ATO designation) before its system could be approved for use:
  • No Consensus on Where to Start: Since eMASS was new to the client, they were unclear as to where to even begin such a project.
  • Inadequate Security Policies and Procedures: The client had very little documentation in place when it came to information security policies and procedures. Additionally, the policies and procedures they did have were not specific to the system in scope.
  • Missing Security & Compliance Tools and Solutions: eMASS compliance required implementation of various tools, such as two-factor authentication, File Integrity Monitoring (FIM), data marking/tagging solutions, and more – none of which the client had in place.
  • No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had any experience in managing a federal compliance engagement like eMASS.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Successfully defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next-steps.
  • Initiated contact with external vendors for determining third-party compliance requirements.
  • Began authoring an all-new set of NIST SP 800-specific information security policies and procedures documents.

Challenges Solved

  • Implementation of a true compliance framework in accordance with eMASS.
  • Developed all required information security policies and procedures.
  • Developed all required plans and programs for eMASS, specifically, an incident response plan, contingency planning program, tabletop exercises, and more.
  • Successfully remediated all technical and security controls that previously had notable gaps.
  • Client granted Authorization to Operate (ATO) designation.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Successfully met the rigorous DoD compliance requirements of eMASS.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.
