|
We provide our clients a structured certification and accreditation (C&A) approach for developing consistent, comparable, and repeatable assessments; promoting a better understanding of agency-related mission risks resulting from the operation of IT systems; and creating more complete, reliable, and trustworthy information. We have worked on more than 200 C&A projects for federal and Department of Defense (DoD) agencies, using National Institute of Standards and Technology (NIST) SP 800-37 and DoD guidance - DIACAP.
CNA consultants are experienced in performing Certification and Accreditation (C&A). We can manage and/or conduct a complete certification or prepare and assess individual documents in the final certification package that is ultimately presented to the accreditor for approval. Our service activities can include any of the following:
- Developing a System Security Plan (SSP)
- Developing a DIACAP Implementation Plan
- Developing a security test and evaluation (ST&E) plan and test procedures
- Conducting an ST&E
- Analyzing and reporting test results
- Developing and/or conducting a vulnerability assessment
- Developing a final vulnerability assessment report
- Conducting a risk assessment
- Developing a Continuity of Operations and Disaster Recovery Plans
- Developing a Contingency Plans
- Developing a DIACAP Score Card
- Developing a POA&M
- Developing the certification and accreditation package
-
Providing technical support to the certifier or accreditor
|
|