Our Goal
Assist a large federal contractor (client) with becoming FISMA compliant as required by numerous agencies within the broader Department of Defense (DoD) apparatus.
Arlington Security Portal
Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.
Challenges & Needs
Per contractual requirements, the client needed to become FISMA compliant for two (2) specific services they were offering to the DoD. Additional challenges included the following:
- No Real Experience with FISMA: As large as the defense contractor was, surprisingly, they had never been formally asked to report on FISMA compliance. As such, they had no experience in any aspect of FISMA.
- Weak Security Documentation: With the exception of a handful of corporate-wide security policies, the client had no existing InfoSec, cybersecurity, or data privacy policies and procedures in place specific to FISMA reporting.
- Inadequate Security and Operational Controls: Along with weak security documentation, the client had notable deficiencies with critical security and operational controls when mapped against the NIST SP 800-53 framework.
- Missing Security & Compliance Tools and Solutions: FISMA compliance required implementation of various tools, such as two-factor authentication, File Integrity Monitoring (FIM), data marking/tagging solutions, and more – none of which the client had in place.
- No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had any real history of managing a federal compliance engagement such as FISMA.
Our Solution
Arlington successfully implemented the following strategies and solutions:
- Defined project scope, including roles and responsibilities for all internal personnel at the client.
- Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
- Initiated contact and coordinated demo sessions with eight software vendors, allowing the client to choose the best products for their operations.
Challenges Solved
- Developed all-new FISMA-specific information security policies and procedures documentation in accordance with NIST SP 800-53.
- Conducted in-house security awareness training.
- Established and put into operation an all-new cyber incident response and reporting program, as required by the DoD for reporting breaches within a 72-hour period.
- Established contact and strong working relationships with all in-scope third-party vendors (i.e., managed security services providers).
- Authored the System Security Plan (SSP) as required for FISMA.
Value Created
- Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
- Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
- Successfully met the rigorous compliance requirements of FISMA.
Why Arlington?
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.