Certification & Accreditation (C&A)

The Certification and Accreditation (C&A) process provides your organization with an in-depth security analysis that includes a detailed description of the security posture of existing systems, an evaluation of potential security risks, and recommendations for correcting identified deficiencies. CRGT then creates and compiles a collection of documents into a certification package that typically includes the following:

  • System Categorization Statement
  • System Description with System Boundaries Noted
  • Network Diagram and Data Flows
  • Software and Hardware Inventory
  • Business Risk Assessment
  • System Risk Assessment
  • Contingency Plan
  • Self-Assessment
  • System Security Plan

CRGT has provided security consulting and solutions to the Federal Government for the past 15 years. We are an effective leader in balancing practical, subject matter expertise in mission-critical solutions delivery with an in-depth understanding of how best to protect those solutions.

We understand the National Information Assurance Certification and Accreditation (NIACAP) process and have taken numerous government agencies and their systems through the Certification and Accreditation (C&A) process, including obtaining deployment authorizations from Interim Authority To Test (IATT) to a complete Authority To Operate (ATO). We are also proficient in the application of Security and Technical Implementation Guidelines (STIGs), Information Assurance and Vulnerability Assessments (IAVAs), and Security Readiness Reviews (SRRs) in large, complex production environments and can quickly help harden pilot infrastructures using numerous third-party tools such as Nessus and AppScan.

Our expertise also includes assisting clients with maintaining and updating software application certification and accreditation. Maintaining a high-security profile is necessary whenever changes such as application updates, environmental configuration changes, or system software updates are introduced into a system. For each proposed system change, CRGT performs a full assessment of the security impact. We review all scans for vulnerabilities and work with the client to address any that arise. This may result in the immediate resolution of the finding or in the development of a Plan of Action and Milestones (POA&M) where the vulnerability is described and mitigations or waivers are identified and executed.

Security profile updates often result in periodic audits, annual assessments, and full re-certification and re-accreditation. We assist your organization with these periodic updates by providing all the necessary system information, including logs, configurations, and screenshots. We also assist in the preparation of full C&A documentation including System Security and Authorization Agreements (SSAA), Independent Risk Assessments, System Security Plans (SSP), and the System Security Testing and Evaluation (SST&E) Plan, among others.

In order to implement and verify all DIACAP controls, CRGT has developed a proactive process to ensure compliance with each control and to maintain compliance throughout the period of accreditation. Our process includes the following items:

  • Effective division of labor with assigned process area owners
  • Task assignment and tracking through completion
  • Use of templates and sample documentation wherever possible
  • Report standardization at all levels

For more information on how we can help meet your Certification & Accreditation challenges, contact us at info@crgt.com.
