Security Assessments and Authorization (SA&A)

    The Federal Information Security Management Act (FISMA) of 2002 requires that all U.S. Federal agencies conduct Security Assessment and Authorization (SA&A) for all information systems and major applications that are put into production on U.S. government networks. SA&A involves expert security analysis and evaluation skills, as well as a thorough understanding of FISMA requirements.

    COACT’s FISMA SA&A consultants have proven expertise in helping U.S. federal agencies comply with FISMA and improve their security posture. Whether your agency requires assistance in setting up an SA&A program, enhancing the program you have already established, certifying new information systems, or validating new SA&A packages, COACT can help you achieve success.

    Many agencies understand the security of their information systems inside and out, but simply don’t have the extra resources it takes to analyze, review, and document the necessary requirements for SA&A. COACT will visit your facility, discuss your SA&A requirements with your Information System Security Officer and Information System Owner, and work with your existing staff to help you accomplish your SA&A objectives. Our SA&A program is backed by our Common Criteria and FIPS experts who understand the type of security elements and configurations that products, applications, and information systems require for full-scope security compliance.

    COACT is available to help you prepare SA&A Packages. As part of our SA&A preparation services, we can help you understand what SA&A entails for your information system(s) and how to define your accreditation boundaries. Our experienced SA&A consultants have proven expertise in assisting large federal agencies in improving their overall security posture and in developing compliant documentation. We can help you defend your package to the evaluators and advise you on how to get through the evaluation process. COACT can prepare the following types of documents on your behalf:

    • FIPS 199 Security Categorization
    • Asset Inventory (Hardware and Software)
    • System Description/Boundary Description
    • Information System Contingency Plan
    • Business Impact Assessment
    • Configuration Management Plan
    • Incident Response Plan
    • Vulnerability Assessment and Reports
    • System Security Plan (SSP)
    • Process Handbook/Standard Operating Procedures
    • Security Control Assessment
    • Plan of Action & Milestones (POA&Ms)
    • Penetration Testing and Reports