
FISMA SSP Case Study

Our Goal

Assist an IT healthcare services company (client) with authoring an extensive System Security Plan (SSP) as required by the Department of Defense (DoD) for contractual obligations.

Arlington Security Portal

Get Access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client won a large contract offering IT support services to hospitals and clinics within the Military Health System for the DoD. As part of the contract, they were required to produce an extensive SSP that detailed their security controls for their services. Additional challenges included the following:
  • Antiquated Information Security policies and procedures: Information security policies and procedures existed, but they had not been updated in years and were not written to the specific NIST SP 800-53 requirements, which rendered them essentially meaningless when it came to authoring the client’s SSP.
  • Unclear Roadmap and Where to Even Begin: While the client did perform a readiness assessment against the NIST SP 800-53 controls, they had still not remediated all critical policy, technical, and security gaps within their control environment.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next steps.
  • Identified all missing NIST SP 800-53 specific security policies, procedures, programs, and plans.

Challenges Solved

  • Developed all required information security policy documentation necessary for authoring an SSP that showcased adequate control coverage against the NIST SP 800-53 framework.
  • Established and put into operation all required NIST SP 800-53 programs, specifically an incident response plan, contingency planning program, risk assessment program, insider threat program, and more.
  • Authored a formalized, 139-page System Security Plan (SSP).
  • Implemented a true compliance framework in accordance with NIST SP 800-53 reporting.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
  • Successfully met the rigorous compliance requirements of NIST SP 800-53.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance problems, and so much more, you can trust Arlington, the firm that’s Dedicated to Defense®.
