Assessment and Authorization (A&A) is required by the Federal Information Security Management Act (FISMA) of 2002. FISMA requires that all systems and applications supporting federal agencies go through a formal A&A/Certification and Accreditation (C&A) process before being put into production and use. Systems granted an authority to operate (ATO) are reauthorized at least every three years thereafter.
Keya staff work with civilian federal agencies to guide them through three essential A&A/C&A processes: (1) independently evaluating the system’s protection features within its mission and operational environment; (2) certifying the technical and non-technical features of the system and its security controls; and (3) preparing the agency to receive official accreditation in compliance with agency regulatory mandates. Keya complies with all applicable OMB circulars, NIST Special Publications, and agency-specific policies to take federal agencies through a detailed process leading to certification and accreditation. Keya’s certification assistance follows these three phases.
Keya’s areas of expertise and assessment include:
We are assisting clients in their transition from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to the March 2014 version of DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology. As part of that transition, Keya personnel are assisting clients in moving from Certification and Accreditation (C&A) to the Assessment and Authorization (A&A) process.
Keya personnel are skilled and knowledgeable in risk management support within the nation’s intelligence community. Assigned personnel hold the required security clearances and are experienced in assisting clients’ transition from Director of Central Intelligence Directive (DCID) 6/3 processes to the more comprehensive Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Security Risk Management (July 2015), assessment and authorization.
Keya personnel are skilled and highly experienced and have provided NIST SP 800-53-compliant risk management support to civilian federal agencies. We are familiar with and have applied a variety of agency-unique regulations. With DoD and intelligence community experience, Keya personnel are in a position to offer a wide array of procedural and product-driven security control solutions to meet every operational need.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires that all necessary administrative, technical, and physical safeguards be implemented to protect the privacy and security of sensitive patient information. Keya personnel understand HIPAA mandates and are skilled and experienced in meeting the unique needs of defense and civilian agencies that provide medical services. With assignments in both the DoD medical community and civilian federal agencies, Keya personnel are well qualified to deliver comprehensive risk management framework assessments alongside concurrent compliance with HIPAA and other special-care mandates within the Federal Government’s medical communities, including TRICARE, the Department of Veterans Affairs, the Department of Health and Human Services, the National Science Foundation, and the National Institutes of Health.