Certification and Accreditation
The Federal Information Security Management Act (FISMA) of 2002 requires that all U.S. federal agencies certify and accredit (C&A) all information systems and major applications that are put into production on U.S. government networks. C&A involves expert security analysis and evaluation skills and a thorough understanding of the FISMA requirements. Each year, U.S. federal agencies are evaluated by the Government Accountability Office (GAO) and are assigned a grade on the 2007 Federal Computer Security Report Card. The grade assigned on the Federal Computer Security Report Card is based completely on how well an agency has complied with FISMA and the C&A process. Agencies that do not have well-established C&A programs, and do not meet the requirements of FISMA, generally tend to score low on the report card.
COACT’s C&A consultants have proven expertise in helping U.S. federal agencies comply with FISMA and improve their annual Cyber Security Report Card scores. Whether your agency requires assistance in setting up a C&A program, enhancing the program you have already established, certifying new information systems, or validating new C&A packages, COACT can help. Show us your existing GAO report card and we will put together a plan to help you boost your grade.
Many agencies understand the security of their information systems inside and out, but simply don’t have the extra resources it takes to analyze, review, and document the necessary requirements for C&A. COACT can come on site to your facility, discuss your C&A requirements with your Information System Security Officer and Information Owner, and work with your existing staff to help you accomplish your C&A objectives. Our C&A program is backed by our Common Criteria and FIPS experts, who understand the types of security elements and configurations that products, applications, and information systems require for security.
COACT can prepare the following types of C&A documents on your behalf:
FIPS 199 C&A Level Profile
C&A Level Recommendation Memorandum
Asset Inventory (hardware and software)
System Description
Business Risk Assessment
Security Self-Assessment
Information Technology Contingency Plan
Business Impact Assessment
Security Assessment Report
Configuration Management Plan
Incident Response Plan
Vulnerability Assessment and Report
Security Plan
C&A Process Handbook
C&A Document Templates
Security Tests and Evaluations (ST&Es)
Plan of Action & Milestones (POA&Ms)
Accreditation Letter of Recommendation