
An Arlington Case Study

FedRAMP Case Study I

Our Goal

Assist a relatively new (organization was only 2 years old), small (64 employees) defense contractor (client) based in Southern California with becoming FedRAMP compliant for its body armor product lines.

Arlington Security Portal

Get Access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client had no prior experience with compliance reporting to the Department of Defense (DoD), as the FedRAMP framework (at that time) was new to all DoD contractors throughout North America. Additional challenges included the following:
  • Missing corporate compliance culture: Other than performing an informal risk assessment five years ago, the client had no formal exposure to federal regulatory compliance. As a result, senior I.T. and operational staff had no prior experience in performing any type of compliance assessment.
  • Antiquated Information Security policies and procedures: Information security policies and procedures existed, yet they were old and had not been updated in years, rendering them essentially ineffective for any type of meaningful mapping to FedRAMP.
  • Inadequate security and operational controls: Along with weak security documentation, the client had notable deficiencies with critical security and operational controls when mapped against the NIST SP 800-53 framework.
  • Missing security & compliance tools and solutions: FedRAMP compliance required implementation of various tools, such as two-factor authentication, File Integrity Monitoring (FIM), data marking/tagging solutions, and more – all of which the client did not have in place.
  • No project management experience for regulatory compliance: None of the internal I.T. and operational staff had a history of managing a federal compliance engagement such as FedRAMP.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next-steps.
  • Initiated contact with seven major software vendors, allowing our client to choose the best products for their operations.
  • Developed all-new FedRAMP specific information security policies and procedures documentation.

Challenges Solved

  • Successfully remediated all technical and security controls that previously had notable gaps.
  • Developed all required information security policy documentation.
  • Established and put into operations an all-new cyber incident response and reporting program.
  • Authored System Security Plan (SSP) for FedRAMP HIGH designation.
  • Implemented a true compliance framework in accordance with FedRAMP reporting.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
  • Successfully met the rigorous compliance requirements of FedRAMP.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.
