
FISMA Case Study

Our Goal

Assist a large federal contractor (client) with becoming FISMA compliant as required by numerous agencies within the broader Department of Defense (DoD) apparatus.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

Per contractual requirements, the client needed to become FISMA compliant for two (2) specific services they were offering to the DoD. Additional challenges included the following:
  • No Real Experience with FISMA: As large as the defense contractor was, surprisingly, they had never been formally asked to report on FISMA compliance. As such, they had no experience in any aspect of FISMA.
  • Weak Security Documentation: With the exception of a handful of corporate-wide security policies, the client had no existing InfoSec, cybersecurity, or data privacy policies and procedures in place specific to FISMA reporting.
  • Inadequate Security and Operational Controls: Along with weak security documentation, the client had notable deficiencies with critical security and operational controls when mapped against the NIST SP 800-53 framework.
  • Missing Security & Compliance Tools and Solutions: FISMA compliance required implementation of various tools, such as two-factor authentication, File Integrity Monitoring (FIM), data marking/tagging solutions, and more – none of which the client had in place.
  • No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had any real history of managing a federal compliance engagement such as FISMA.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
  • Initiated contact and coordinated demo sessions with eight software vendors, allowing the client to choose the best products for their operations.

Challenges Solved

  • Developed all-new FISMA specific information security policies and procedures documentation in accordance with NIST SP 800-53.
  • Conducted in-house security awareness training.
  • Established and put into operations an all-new cyber incident response and reporting program as required by the DoD for reporting breaches within a 72-hour period.
  • Established contact and strong working relationships with all in-scope third-party vendors (i.e., managed security services providers).
  • Authored System Security Plan (SSP) as required for FISMA.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
  • Successfully met the rigorous compliance requirements of FISMA.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.
