Our Goal
Assist a well-known defense contractor in authoring a System Security Plan (SSP) for FedRAMP.
Arlington Security Portal
Get Access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.
Challenges & Needs
The client had no prior experience in authoring a System Security Plan (SSP) specific to FedRAMP, and with a 425+ page template that had to be completed for the FedRAMP HIGH Baseline, they needed immediate help.
- Antiquated Information Security policies and procedures: Information security policies and procedures existed, yet they were old, had not been updated in years, and were not written to the specific NIST SP 800-53 requirements, which rendered them essentially meaningless when it came to FedRAMP.
- Unclear Roadmap and Where to Even Begin: While the client did perform a FedRAMP readiness assessment, and actually remediated security control deficiencies, they had no security policies in place and no strategy on how to even begin writing the SSP.
Our Solution
Arlington successfully implemented the following strategies and solutions:
- Defined project scope, including roles and responsibilities for all internal personnel at the client.
- Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
- Identified all missing FedRAMP-specific security policies, procedures, programs, and plans.
Challenges Solved
- Developed all required information security policy documentation for all FedRAMP HIGH requirements.
- Established and put into operation all required FedRAMP programs, such as incident response, contingency planning, and more.
- Authored System Security Plan (SSP) for FedRAMP HIGH designation.
- Implemented a true compliance framework in accordance with FedRAMP reporting.
Value Created
- Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
- Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
- Successfully met the rigorous compliance requirements of FedRAMP.
Why Arlington?
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.