The A&A process is an independent verification & validation (IV&V) of a system's adherence to recognized information assurance security controls. InterSec firmly understands, and has successfully helped clients go through, the four steps to C&A and A&A: Planning, Certification, Accreditation, and Continuous Monitoring.
Our team of InfoSec Subject Matter Experts (SMEs) can perform vulnerability scans to verify that patches and other security controls are current, review security settings on devices such as firewalls and servers/workstations to validate that they meet expected settings, assist the Certifying Authority in reviewing all documentation and determining whether identified risks are acceptable, and assist clients in successfully achieving a formal Authority to Operate.
Our experts have accredited dozens of systems within the Federal Government utilizing DIACAP or NIST-based processes. Our specialty is to take over troubled systems and implement the controls necessary to validate compliance while improving the system's security.
Security Compliance Readiness Assessments
In-house security compliance readiness assessments help identify gaps in security control compliance which, if left unattended, could result in successful system exploits. These assessments also help to prepare agencies for Security Assessment & Authentication efforts, which determine eligibility for Authority to Operate awards.
To better harden systems against vulnerabilities and threats, continuous monitoring services must be implemented. Continuous monitoring improves Incident Response efforts and response times by delivering automated alerts based on real-time correlated threat indicators.