SBA 8(a)
ISO 9001:2015
ISO/IEC 27001:2013
ISO/IEC 20000-1:2018
CMMI-SVC ML3 v2.0
CAGE 6VE87
UEI DL3JL6J1XG98

Security Assessment & Authorization (SA&A)

Securing Federal systems against cyber-attack is one of the nation’s highest priorities. Defenses to protect systems against a variety of internal and external threats should be based on the mission of a system and should not just be a paper exercise. The risk must be understood, mitigated, and consistently and measurably managed throughout its life-cycle.

Request a Consult

Assurit Security Assessment and Authorization Services help you evaluate your management, operational, technical and privacy controls to ensure they are implemented properly and operating effectively.

Integrated Approach

Whenever possible, our team approaches an SA&A engagement by advising and supporting our clients to integrate security requirements into the system development life cycle (SDLC). This ensures that security is addressed at the onset and not added on later and treated as an afterthought.

Identify True Risk

For every security assessment and authorization (SA&A) activity, our team will support your organization in identifying the true risk in operating the system and provide our recommendation if an ATO should be granted. The security assessment should be used to answer the following questions:

Is there any critical information?
What controls are in place?
What is the current security posture?
Are there sufficient countermeasures?
Are there any high-priority issues that need to be resolved first?

Maintain Compliance

Federal agencies are mandated by the Federal Information Security Modernization Act (FISMA) to understand the security risks posed to their systems, applications and environment, and are required to take appropriate actions to mitigate these risks. Assurit provides SA&A services that will help you get and remain compliant through a proven methodology that ensures customer readiness and efficient delivery with minimal impact on your support teams.

Assurit SA&A Services

Our Security Assessment and Authorization engagements include:

Security Architecture, Policy & Procedures Review

By evaluating the overall security design and architecture of your environment and thoroughly reviewing all organizational policies and procedures, Assurit can provide proactive support to ensure that the necessary aspects required for authorization are addressed. We utilize industry best practices and applicable guidance based on your information types as a guide to perform a gap analysis.

System Documentation Development

Using the guidance provided in the NIST Special Publications (e.g., SP-800-18, SP 800-37, SP 800-61, SP 800-137, etc.) we will develop all documentation required for your organization to successfully obtain an ATO from the authorizing official. These include the system boundary, system categorization, system security plan, risk assessment and supporting policies and procedures.

Security Control Assessments

Our assessments, for both commercial and government clients, are based on the Risk Management Framework (RMF) and security controls defined in NIST 800-53 Rev4, Security and Privacy Controls for Federal Information Systems and Organizations. Our standard assessment approach which follows SP 800-53A determines if security controls are implemented correctly, operating as intended, and producing the desired outcome.

Development & Tracking of POA&Ms

A Plan of Actions & Milestones (POA&M) describes the current disposition of any discovered vulnerabilities and system findings resulting from an assessment or continuous monitoring activities. By supporting tracking and remediation of these items in a timely manner, Assurit can ensure the risk of operations is always within acceptable limits for the organization.