 

 

Certification and Accreditation (C&A) and DIACAP

The Certification and Accreditation (C&A) process ensures that systems and major applications adhere to formal, documented, and established security requirements. Certification and Accreditation mechanisms are currently required by the Federal Information Security Management Act (FISMA). These requirements consist of managerial, operational, and technical controls, which constitute a set of procedures and judgments leading to a determination of the suitability of the system in question to operate in the targeted operational environment. The overarching goal of C&A is for federal agencies and administrations to place into production systems and applications that remain secure.

The outcome of the C&A process is a collection of documents that describe the security posture of the systems, an evaluation of the risks, and recommendations for correcting deficiencies.


The ISFMT C&A Advantage
 

The highly experienced and qualified professionals provided by ISFMT possess the intimate knowledge required to execute NIST/FISMA C&A processes, in addition to the military/federal training and certifications required to conduct C&A evaluations. These certifications include:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Security Plus (Security +)
  • Information Assurance Security Officer (IASO) training
  • Certified Authorization Professional (CAP)
  • Information Systems Security Engineering Professional (ISSEP)

ISFMT utilizes National Institute of Standards and Technology (NIST) C&A standards and OMB documentation requirements, analysis, testing, and reporting for individually assigned systems. The processes employed by ISFMT capture pertinent information quickly to facilitate risk analysis within the scope of NIST policies and procedures for our clients.

Our team's exposure to a large and diversified range of projects tremendously broadens our foundation of experience while providing concise insight into how systems are designed, managed, and employed. The development of Residual Risk Assessment (RRA) and Security Controls Assessment (SCA) instruments for our clients is possible through our broad experience in interfaces, data flow, architecture implementations, and security inputs.

DoD Information Assurance Certification and Accreditation Process (DIACAP)
 

As the Federal Information Security Management Act (FISMA) was implemented in 2002 as part of the e-Government law, DoD embraced its requirements and enacted the DITSCAP to DIACAP conversion. With the advent of a full DoD 8510.01 DIACAP release in November 2007, the final versions of all systems were placed under the DIACAP process. This process brought DoD requirements for computer security and IA into conformance with Federal requirements found in FIPS 199, FIPS 200 and NIST Special Publications 800-53 and 800-37.

A Higher DIACAP Standard

ISFMT maintains the personnel, necessary skill sets, and knowledge of the processes required to achieve the desired Authority to Operate (ATO) for DoD systems. Over the past four years, since DIACAP emerged as a DoD IA standard for C&A of military systems, ISFMT has acquired multiple lessons learned through successful DIACAP implementation and accreditation efforts. In fact, ISFMT has performed multiple C&A efforts under FISMA and NIST standards for numerous federal civilian agencies, in addition to U.S. Army departments.

The IA workforce requirements under DoDM 8570.01M identify technical and management professional certifications considered highly desirable and necessary for ensuring proper acceptance of produced documents. ISFMT utilizes personnel who are IA-T Level II, IA-T Level III, IASAE Level II and IA-M Level III certified under this standard to ensure accurate and reliable results.

 

 

 
 
 
©2011 ISFMT, Inc. All Rights Reserved. Office: 803-593-4162 : Fax: 866-247-4819