Assessment & Accreditation (A&A) Offerings

NIST SP800-37 states that “…security authorization challenges managers at all levels to implement the most effective security controls Information Assurance Capability possible in an information system, given mission and business requirements, technical constraints, operational constraints, cost/schedule constraints, and risk-related considerations.” CryptoForensics is thoroughly grounded in all aspects of the Assessment and Accreditation (A&A) requirements and can expertly implement the crucial processes that will enable any government agency to successfully support and sustain an efficient process in accordance with budget and regulatory requirements. Proper planning and procedures are essential to ensure that the A&A aspect of your IT system operates cost effectively and efficiently.

We understand that documentation of security controls and process of IT systems is only the first step in the A&A process, and that systematic risk assessment and vulnerability analysis are necessary to identify potential areas to improve the A&A process. Cryptoforensics can assist any agency to successfully navigate the challenge set forth in several regulations and standards, including:

• Federal agencies: FISMA, NIST SP800-37, HIPAA, and OMB A-130
• DoD specific: 8510.01 (DIACAP) and transition from 5200.40 (DITSCAP)
• National security systems specific: DCID 6/3 and NSTISSI No. 1000 (NIACAP)

Our A&A offerings include repeatable and efficient processes that streamline the C&A process to ensure the following objectives:

• Enhanced overall enterprise security management plan and processes through integration of lessons learned from the A&A process
• Improved system and program security beyond compliance requirements
• Quicker and more effective transition to new guidance and regulations
• Qualified professionals with the appropriate level of training and skill sets to address mission critical and business challenges