Risk Management Framework
The Risk Management Framework (RMF) provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle. NetSecurity supports RMF activities in the following areas:
- NIST SP 800-53 Risk Management Framework (RMF) Assessment
- Transition to Risk Management Framework (RMF)
- Continuous Monitoring
- Security Assessment and Authorization (A&A)
Security Assessment and Authorization (A&A)
OMB Circular A-130, Appendix III, requires that agencies conduct Assessment and Authorization (A&A) – formerly Certification and Accreditation (C&A) – of information systems. The A&A is a formal methodology for testing and evaluating a system’s security controls to ensure that the system is configured properly to meet the security controls in NIST SP 800-53. Armed with the most complete, accurate, and trustworthy information possible on the security status of a system, an agency official can make risk-based decisions on whether to authorize operation of a system in the agency.
NetSecurity's consultants are experienced in performing A&A following the NIST SP 800-37 methodology. Our service activities may include any of the following:
- Security Test & Evaluation (ST&E): Develop plans and test procedures and execute tests.
- Security Assessment Report (SAR).
- Risk Assessment: Security Risk Assessment, E-Authentication, and Privacy Impact Assessments.
- System Security Plan (SSP): Review and develop SSPs.
- Contingency Plans: Business Impact Assessment (BIA), development of IT contingency plans, and contingency testing exercises.
- Ancillary Documents: Develop the Change Management Plan, Incident Response Plan, and Plan of Action and Milestones (POA&M).
- Authorization Package.