SA&A for Federal Agencies

    U.S. federal agencies, and contractors operating IT systems on behalf of the federal government, are mandated by the Federal Information Security Management Act (FISMA) to continuously monitor the security risks posed to their infrastructure and to take appropriate actions to mitigate the risks. Security Assessment and Authorization (SA&A) is the process by which federal agencies examine their information technology infrastructure and develop supporting evidence necessary for security assurance accreditation.

    Getting through the SA&A process can be a daunting task and many agencies require additional resources to meet their SA&A needs. Even if you have adequate in-house resources, it may be a conflict of interest to assess your own SA&A Package. COACT’s SA&A consultants have experience helping Federal agencies obtain positive results. We review your existing management, operational, and technical controls and generate evidence that demonstrates that your organization has taken into consideration all risks, and has taken actions to mitigate those risks. We speak on your behalf and interface with the evaluators, OIG and auditors to defend the evidence.

    If you believe that your information systems are not FISMA compliant, we can advise you on what you need to do to get your information systems ready for the process. We can help you determine which security controls are missing, and which risks are in need of mitigation. If your agency has not yet developed a well-defined SA&A process, we can help you develop a standardized process, and document it in an SA&A Program Handbook. In accordance with your agency’s own security policies, we can help you come into compliance so that your SA&A process will be a success!

