
An Arlington Case Study

FISMA Scoping & Gap Assessment

Our Goal

Perform a FISMA scoping and gap assessment, and assist with remediating the control gaps it identified, for a large commercial contractor that needed to become FISMA compliant.


Challenges & Needs

The client was awarded a 10-year contract for performing much-needed building repairs and upgrades for the Department of Transportation. The contract, however, required that the client earn FISMA compliance within 24 months. Additional challenges included the following:
  • Outdated Information Security Policies and Procedures: Information security policies and procedures existed, but they had not been updated in years and were not written against the specific NIST SP 800-53 control requirements, which made them unusable as supporting evidence when authoring the client’s System Security Plan (SSP).
  • Missing Operational Controls for Major IT Initiatives: The client had virtually no documentation, programs, or plans in place for incident response, contingency planning, risk assessment, vulnerability scanning, security awareness training for employees, and other required control areas.
  • Lack of Internal Manpower and Compliance Expertise: Although the client had won a large number of previous federal agency contracts, FISMA compliance was completely new to it, and nobody on staff had any experience with the NIST Risk Management Framework (RMF).

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified security and operational gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next-steps.
  • Identified all missing NIST SP 800-53 specific security policies, procedures, programs, and plans.

Challenges Solved

  • Developed all information security policy documentation required to author an SSP that demonstrated adequate control coverage against the NIST SP 800-53 framework.
  • Established and put into operation the NIST SP 800-53 programs the client lacked, including an incident response plan, a contingency planning program, a risk assessment program, an insider threat program, and a supply chain risk management plan.
  • Authored a formalized, 78-page System Security Plan (SSP).
  • Conducted an independent FISMA assessment against the NIST SP 800-53 Moderate-baseline controls and issued a Security Assessment Report (SAR).
  • Implemented a compliance framework aligned with NIST SP 800-53 reporting requirements.

Value Created

  • Put in place a corporate culture that understands, respects, and values information security.
  • Developed and implemented a regulatory compliance framework with formalized and well-documented internal controls.
  • Met the compliance requirements of NIST SP 800-53 within the contract’s 24-month deadline.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security and compliance challenges, and much more, you can trust Arlington, the firm that’s Dedicated to Defense®.
