Capabilities Compliance Services

Capabilities Compliance Services

Certification and Accreditation (C&A)

TDI has a proven track record in helping our clients adopt and comply with the various Certification & Accreditation processes.

Given the very real nature of threats to cyber security, organizations maintain heightened security awareness. For the Government, this translates to implementing effective controls and processes to protect its resources and secure its infrastructure. TDI is intimately familiar with the Certification and Accreditation (C&A) process and the associated standards and laws (FISMA, DIACAP, NIST SP 800-37, DCID 6/3, etc.) that mandate a formal process become instituted and followed. Since the C&A process was first defined (GISRA, DITSCAP, NIACAP, etc.), TDI has been providing C&A support and services to many of our Government and commercial clients. TDI has the experience (DoD, Civil, Intelligence, Commercial) and expertise to support your C&A needs: articulating security controls in a System Security Plan (SSP) or System Security Authorization Agreement (SSAA) for a given Major Application (MA) or General Support System (GSS); defining system boundaries; drafting Interconnection Agreements; establishing security categorizations (FIPS 199); assessing the effectiveness of the security controls in place with a Security Test and Evaluation (ST&E) and Security Assessment Report (SAR); managing and remediating weaknesses uncovered as a result of that assessment through continuous monitoring and a Plan of Action and Milestones (POA&M); and/or interfacing and drafting documents as necessary for the Certification Agent (CA) and Designated Approval Authority (DAA).