Scoping & Gap Assessments

Offering NIST Risk Management Framework (RMF) Federal Information Security Modernization Act (FISMA) scoping & gap assessments for Department of Defense (DoD) contractors and other federal contractors.

Arlington Security Portal

Get Access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Federal Information Security Modernization Act (FISMA) Policies and Procedures | Remediation | Templates, Writing Services | NIST 800-53| DoD

Arlington provides a complete lifecycle of NIST Risk Management Framework (RMF) Federal Information Security Modernization Act (FISMA) services and solutions for Department of Defense (DoD) contractors and other federal contractors all thro

If you’re a federal contractor who supports a federal agency’s information systems, FISMA compliance is often a contractual requirement. Quite often, contractors have data from federal agencies resident in their own information systems or environments, or at the very least, play an important role in the design, development, implementation, assessment, operation, maintenance, and disposition of information systems for a federal agency.

At Arlington, we also offer a wide range of advisory services for FedRAMP, NISP eMASS DCSA, NIST 800-171, FISMA, DoD Cloud Security, and so much more.

As a contractor, your very first step in becoming FISMA compliant is undertaking a FISMA scoping & gap assessment against NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations, the very framework used for earning FISMA compliance. While FISMA was – and still is – used by federal agencies in “…the design, development, implementation, assessment, operation, maintenance, and disposition of information systems,” it has taken firm root with local and state agencies, and also the private sector.

Arlington can assist with all aspects of FISMA compliance for federal contractors, from performing scoping & gap assessments to remediation, and even conducting Security Assessment Reports (SAR).

FISMA Scoping & Gap Assessments

A critical element for FISMA success – and earning Authority to Operate (ATO) designation – is identifying all compliance gaps within the prescribed control families of the NIST SP 800-53 publication, then remediating them. Our FISMA scoping & gap assessments rapidly identify all gaps and provide a prioritization plan for remediation, while also offering numerous tools and solutions (i.e., policy documents) throughout the process to aid in correcting control gaps.

FISMA Scoping & Gap Assessment Process

Benefits of FISMA Scoping & Gap Assessments

  • Quick & efficient process for identifying control gaps.

  • Dozens of helpful tools for correcting technical and documentation gaps.

  • Industry-leading methodology for rapid remediation with no POAMs.

Why Arlington for FISMA Scoping & Gap Assessments

  • One of the most well-known and trusted federal compliance firms.

  • Since 2002, a leading authority on FISMA compliance.

  • Fixed-fee pricing for all of our FISMA services.

Why Arlington?

Decades of Defense Industry Expertise. Recognized leaders in all things DoD. World-Class Arlington Security Portal (ASP).

Passion. Integrity. Innovation. Impact.

Step 1: Control Framework Walkthrough

Earning FISMA compliance and subsequent Authority to Operate (ATO) designation (if needed) ultimately means complying with NIST SP 800-53, the federal government’s widely adopted information security framework. NIST SP 800-53 is an incredibly comprehensive and granular InfoSec framework, consisting of (as of Revision 5) twenty (20) control “Families,” with hundreds of supporting controls.

Because of the sheer volume of controls with which federal contractors must comply to earn FISMA compliance, a Control Framework Walkthrough is an absolute must. With Arlington, our process is efficient and comprehensive, with the end result being a formalized, documented Prioritization Plan for Remediation.

Step 2: Prioritization Plan for Remediation (PPR)

Following the Step 1 Control Framework Walkthrough, Arlington will deliver a Prioritization Plan for Remediation (PPR). Compiled and developed by our well-skilled consultants, the PPR will detail all control gaps found and the tools and solutions needed to remediate them, while also providing helpful documentation – such as our policy templates – for finishing the job.

Regardless of who performs remediation, the PPR serves as your roadmap for helping ensure all gaps are worked and closed and, hopefully, no Plans of Action and Milestones (POAMs) are left open.

Step 3: Tools & Templates Support

With Arlington, you receive unparalleled support from a firm with decades of DoD experience. This includes offering our industry-leading NIST SP 800 security policy templates and toolkits for rapid remediation. Because a large part of becoming FISMA compliant requires a laundry list of policies and procedures to be in place, our templates and toolkits are immensely helpful, saving defense contractors both time and money.

Step 4: Project Management Remediation & Validation

Once your control gaps have been identified and all the relevant tools & solutions have been provided to you, Arlington can then project manage the entire remediation effort. From developing information security policies and procedures in accordance with NIST 800-53 to validating technical compliance for all controls – our team is with you every step of the way to ensure all identified gaps are worked and closed.