An Arlington Case Study

FedRAMP SSP Case Study II

Our Goal

Assist a well-known defense contractor in authoring a System Security Plan (SSP) for FedRAMP.

Arlington Security Portal

Get access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client had no prior experience in authoring a System Security Plan (SSP) specific to FedRAMP, and with a 425+ page template that had to be completed for the FedRAMP HIGH Baseline, they needed immediate help.
  • Antiquated information security policies and procedures: Information security policies and procedures existed, yet they were old, had not been updated in years, and were not written to the specific NIST SP 800-53 requirements, which rendered them essentially meaningless when it came to FedRAMP.
  • Unclear roadmap and where to even begin: While the client did perform a FedRAMP readiness, and actually remediated security control deficiencies, they had no security policies in place and no strategy on how to even begin writing the SSP.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
  • Identified all missing FedRAMP specific security policies, procedures, programs, and plans.

Challenges Solved

  • Developed all required information security policy documentation for all FedRAMP HIGH requirements.
  • Established and put into operation all required FedRAMP programs, such as incident response, contingency planning, and more.
  • Authored the System Security Plan (SSP) for the FedRAMP HIGH designation.
  • Implemented a true compliance framework in accordance with FedRAMP reporting.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
  • Successfully met the rigorous compliance requirements of FedRAMP.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.
