Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

Data Privacy

Data Mapping

Data Mapping

Offering data mapping assessments, consulting and advisory services and solutions for Department of Defense (DoD) contractors.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

Data Mapping Assessments for DoD Contractors

Arlington offers DoD contractors industry leading data mapping assessments for helping organizations document how their data is collected, used, shared & disclosed, stored, protected, retained, and disposed of.

Federal contractors conducting business with the Department of Defense (DoD) and its affiliated agencies often have significant amounts of sensitive data resident in their information systems, ranging from UCTI, CUI, CDI, and more. Arlington offers a proven methodology for data mapping, giving your organization a crystal-clear picture of how data flows through your systems – and ultimately, how data is collected, used, shared & disclosed, stored, protected, retained, and disposed of.

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

Proven Process for Comprehensive Data Mapping for DoD Contractors

Arlington has years of experience in data mapping for federal contractors working in the broader Defense Industrial Base (DIB). Our proven process results in a complete picture of one’s entire data lifecycle. Phases undertaken with our data mapping exercised include the following:

Benefits of Arlington’s Data Mapping Services

  • Highly effective in uncovering critical data flow lifecycle issues requiring immediate attention.
  • Greatly aids in improving organizational security, governance and compliance capabilities.
  • The confidence knowing your entire data flow lifecycle is documented and clearly understood.

Why Arlington for Data Mapping

  • Experts in assessing – and understanding – DoD specific data groups and data sets.
  • Hundreds of successful engagements over the last decade for DoD contractors.
  • Fixed-fee pricing for all of our DoD services.
  • Data Classification Programs.

Why Arlington?

Decades of Defense Industry Expertise. Recognized leaders in all things DoD. World-Class Arlington Security Portal (ASP).

Passion. Integrity. Innovation. Impact.

Get Started

Phase I: Discovery

Effective data mapping begins with having a sound understanding of an organization’s data flows and the various data groups and corresponding data sets deemed in scope.

Key measures performed during the initial data mapping phase consist of the following:
  • Identifying, defining, and assessing all in-scope data groups (i.e., UCTI, CUI, CDI, etc.) and accompanying data sets.
  • Documenting all data flows for all in-scope data groups and data sets. Assessing key personnel and defining roles and responsibilities in terms of key deliverables required from the organization.
  • Assessing information security and cybersecurity controls in relation to data privacy Assessing the impact and overall requirements for current and future data privacy and regulatory compliance laws and regulations.
  • Assessing data mapping in terms of third-party service providers.
  • Assessing, understanding, and documenting how all in-scope data groups and accompanying data sets are collected, used, shared & disclosed, stored, protected, retained,and disposed of.

Phase II: Findings & Reporting:

Arlington’s data mapping includes a comprehensive findings report detailing all subject matter assessed in the initial discovery phase.

Specifically, key deliverables of Phase II consist of the following:.
  • Findings and recommendations on how all in-scope data groups and accompanying data sets are collected, used, shared & disclosed, stored, protected, retained, and disposed of.
  • Findings and recommendations in relation to data privacy laws and regulations, information security and cybersecurity controls, third-party vendor data flow and data security requirements, and more.
  • As needed, a formalized plan detailing remediation steps to undertake for correcting any control gaps and deficiencies.

Phase III: Corrective Action, Closure, and Continuous Monitoring

With Arlington, our data mapping services extend well beyond providing a findings report. Specifically, we go to work in helping remediate all critical data mapping issues identified in prior phases.

Key measures performed during this phase consist of the following:
  • Assistance with implementing all necessary technical, security, and operational controls relating to an organization’s entire data flow life cycle.
  • Developing all necessary documentation in terms of policies and procedures for ensuring a comprehensive data privacy program is developed.
  • Final walkthrough of the entire data flow life cycle for ensuring it meets the needs of the organization as necessary.