Are You Having Issues with Certification & Accreditation?
We can help you achieve your Authority to Operate (ATO).
CERTIFICATION AND ACCREDITATION (C&A)
As a result of government compliance actions, specifically the Federal Information Security Management Act (FISMA), C&A and its counterparts are a necessity. As a result, in order to provide IT services to the government your systems must undergo a C&A methodology or framework.
Generally speaking, government agencies each have their own processes for C&A, requiring specific documentation and guidelines. This undertaking can be very complex and often takes months to complete.
We can help. Our consultants have expertise in all aspects C&A and have worked with many federal agencies. Our consultants, will work through any applicable framework (including NIST, ICD, NISPOM, and DIACAP) to ensure the C&A of your system is completed in an efficient and timely manner.
OUR C&A SERVICES
We can provide an on-site consultant for any portion of the project or to see the project through to its completion. Our consultants can help guide your team through the documentation and complex framework of any C&A methodology.
Our team is available to review your documentation against system and control implementation. We can provide guidance as to how to mitigate identified openings on the basis of each control’s current implementation.
C&A requires a great deal of documentation, including System Security Plans (SSPs), a System Security Authorization Agreement (SSAA), Security Policies, Continuity Plans, etc. Our team can specifically tailor these documents to your organization and/or system.
One of the more complex requirements of a C&A effort is to “harden” the system or network. Most systems, devices, and appliances arrive from the factory in a fairly open configuration and therefore may not be specified to what your system needs. To receive an Authority to Operate, you must harden and configure your system per the requirements set forth by the applicable Accreditation Board. Our team can harden your systems in both secure and unclassified environments.
Let us handle your entire C&A effort, from beginning to end. Our complete package includes all of the above services. By letting us handle your C&A requirements, you have the ability to focus on what you do best.