Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

Outsourced Compliance Case Study

Our Goal

Assist a medium-size (217 employees) defense contractor (client) based in Georgia with growing compliance needs relating to DFARS NIST 800-171, CMMC and FISMA reporting.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client had recently won two (2) notable contracts with the Department of Defense (one with the NAVY and one with the Coast Guard), and specific contractual requirements mandated compliance with NIST 800-171, CMMC, and FISMA reporting. Additional challenges included the following:
  • Missing Corporate Compliance Culture: Other than performing an informal risk assessment years ago, the client had no formal exposure to federal regulatory compliance. As a result, senior I.T and operational staff had no prior experience in performing any type of compliance assessments.
  • Missing Information Security Policies and Procedures: The client had only a marginal number of security policies and procedures in place, however, they were old and poorly written. Additionally, the security policies were never aligned or mapped to any of the existing NIST SP 800 publications.
  • Inadequate Security and Operational Controls: Along with weak security documentation, the client had notable deficiencies with critical security and operational controls when mapped against the DFARS NIST 800-171, CMMC and FISMA reporting requirements.
  • Missing Security & Compliance Tools and Solutions: DFARS NIST 800-171, CMMC and FISMA compliance required implementation of various security solutions, all of which the client did not have in place.
  • No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had a history of managing a federal compliance engagement, especially when it came to NIST 800-171, CMMC and FISMA.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Defined project scope, including roles and responsibilities for all internal personnel at the client.
  • Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next-steps.
  • Initiated contact with seven major software vendors, allowing our client to choose the best products for their operations.

Challenges Solved

  • Developed all required information security policy documentation.
  • Successfully remediated all technical and security controls that previously had notable gaps.
  • Issued System Security Plan (SSP) to client, allowing them to showcase compliance to the Department of Defense (DoD), and to other prospects as evidence of internal control compliance with NIST 800-171, CMMC and FISMA.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
  • Developed and implemented a highly respected regulatory compliance framework formalized and well-documented internal controls
  • Successfully met the rigorous DoD compliance requirements of NIST 800-171, CMMC and FISMA.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Services Rendered


Related Case Studies