Certification and Accreditation : C&A for Federal Agencies
 
U.S. federal agencies are mandated by the Federal Information Security Management Act (FISMA) to understand the security risks posed to their infrastructure and to take appropriate actions to mitigate the risks. Certification and Accreditation (C&A) is the process by which federal agencies examine their information technology infrastructure and develop supporting evidence necessary for security assurance Accreditation.

Getting through the C&A process can be a daunting task, and many agencies require additional resources to meet the three-year C&A deadline. Even if you have enough in-house resources, it may be a conflict of interest to prepare your own Certification Package. COACT’s C&A consultants have experience helping federal agencies obtain positive Accreditations. We review your existing management, operational, and technical controls and generate evidence that shows you have taken all risks into consideration and have taken actions to mitigate those risks. We speak on your behalf and interface with the evaluators to defend the evidence. We can advise you on which Accreditation level to strive for based on the confidentiality, integrity, and availability levels described in FIPS 199.

If you believe that your information systems will not stand up to C&A, we can advise you on what you need to do to get your information systems ready for the process. We help you determine which security controls are missing, and which risks are in need of mitigation. In accordance with your agency’s own security policies, we can help you come into compliance so that your C&A process will be a sure success.

If your agency has not yet developed a well-defined C&A process, we can help you develop a standardized process and document it in a C&A Program Handbook. If you have a handbook, we can help you develop templates to accompany it. The 2007 Federal Computer Security Report Card is based almost entirely on C&A, and our goal is to help you improve your grade.