ASSESSMENT & AUTHORIZATION (A&A)
CERTIFICATION & ACCREDITATION (C&A)
INFORMATION ASSURANCE (IA)
SECURITY TEST & EVALUATION (ST&E)
To help secure information systems within the Federal government, including the critical infrastructure of the United States, TrustedQA uses established standardized assessment methods and procedures to assess the security controls in federal information systems.
Our A&A / C&A processes will determine if security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the agency.
TrustedQA assessments take into consideration the entire system, network, and application lifecycle from a security standpoint. In short, the A&A / C&A process is a manual audit of policies, procedures, controls, and contingency planning.
The employment of standard assessment methods and procedures promotes more consistent, comparable, and repeatable security assessments. TrustedQA will also develop specific security test and evaluation procedures and methods for unique and non-standard environments. For those systems that exhibit security vulnerabilities, TrustedQA will produce recommendations for bringing the appropriate security controls into compliance.
The outcome of the A&A / C&A process is to put together a collection of documents that describe the security posture of the systems, an evaluation of the risks, and recommendations for correcting deficiencies. It is what’s known as a Certification Package.
The Defense Information Assurance Certification and Accreditation Program (DIACAP) is currently being replaced across DoD with a new process named Risk Management Framework (RMF). RMF’s goal is to develop and maintain the same Certification & Accreditation (C&A) process and control throughout the entire Federal Enterprise (DoD and civilian), allowing for greater inter-connectivity between agencies.
The words “Certification & Accreditation” are actually misnomers. When security professionals evaluate a particular system, they are not actually certifying anything; they “assess” it and provide recommendations. In DIACAP this recommendation was incorrectly called a “certification”, leaving many wondering why the still couldn’t go live after their system was “certified”. To avoid confusion, RMF will call this step an “assessment”.
The second part of the process is similarly confusing. After “certification” the recommendation was sent to a Designated Accrediting Authority (DAA). The DAA’s signature actually completed the “accreditation” portion and allowed the system to go love or remain in operation, when in reality the DAA’s role is to “authorize” the assessment instead of “accredit” it. To clarify the entire process, RMF will change Certification & Accreditation (C&A) to Assessment & Authorization (A&A).
TrustedQA’s Information Assurance Analyst are knowledgeable on RMF’s six-step system life cycle process and can help guide your programs transformation from traditional C&A to RMF’s A&A.
Our skilled and experienced C&A Assessment Teams can help in many areas, including:
“TrustedQA has consistently provided our clinical trials support division with excellent technical staff over the years. They are one of our trusted partners.”
“TrustedQA continues providing excellent testing resources who quickly exceed expectations in the GCCS-J Agile software development and test environment. Would recommend them to a team looking to augment staff with consistently high quality software testing support staff.”
“TQA is the top performing vendor on my program in terms of responsiveness, quality, attention to detail and following process. We intend to include them on our upcoming recompete of the current contract based on their sustained superior performance.”
“TQA is truly our “go-to” vendor for immediate staffing needs. We know when we reach out to them, they are able to provide highly qualified staff that can meet both our short and long term program needs. They have been supporting our current contract for over 9 years and have always provided great support.”
“Their approach is really great as they focus on those hybrid outside the box critical thinker testers who can perform all types of testing, hence the word “hybrid” where testers also have a situational approach to testing, not just “checkers” but overall contributors to quality.”
“Concur continuously uses TrustedQA to source ‘Quality’ candidates. Over the years we’ve been impressed at the personal attention TQA offers us; in particular to understand our business challenges so that only the top talent that meets our needs is sourced.”
“The TQA technical team has provided support as expected. Their employees are qualified, perform productive work quickly, and have shown a wealth of knowledge and experience. Many come with skills that are difficult to find/fill. We have been extremely happy with the candidates that have come from TrustedQA.”