What does DCSA expect to be in place for “Testing” regarding an Incident Response Plan (IRP)?
While you hope never to have a critical incident that could impact the system, DCSA does want assurances that cleared contractors are prepared and can respond accordingly. Tabletop exercises are an excellent way to demonstrate compliance with Incident Response Testing (IR-3). The tabletop exercise should include different scenarios and detailed responses to each scenario.
Additionally, tabletop exercises should mirror potential real-world situations for your actual environment. For example, if your system in scope for eMASS is identified as Multi-User Standalone (MUSA) or Single-User Standalone (SUSA), then perform tabletop exercises reflecting such environments. Providing DCSA with tabletop exercise results for a Wide Area Network (WAN) when you operate in a Standalone environment shows little value, if any.
Visit the Arlington Security Portal (ASP) and gain access to our industry-leading Incident Response Testing Toolkit, which contains comprehensive, real-world tabletop exercises you can perform for eMASS reporting.
From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS
With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO. Core services and solutions offered include the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Completion of eMASS Export Control Spreadsheets
- Continuous Monitoring (ConMon) Services