Risk Management Framework

The Risk Management Framework (RMF) provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle. In support of RMF activities, NetSecurity offers the following services:

  • NIST SP 800-53 Risk Management Framework (RMF) Assessment
  • Transition to Risk Management Framework (RMF)
  • Continuous Monitoring
  • Security Assessment and Authorization (A&A)

Security Assessment and Authorization (A&A)

OMB Circular A-130, Appendix III, requires that agencies conduct Assessment and Authorization (A&A) – formerly Certification and Accreditation (C&A) – of information systems. A&A is a formal methodology for testing and evaluating a system's security controls to verify that the system is configured to meet the control requirements of NIST SP 800-53. Armed with the most complete, accurate, and trustworthy information available on the security status of a system, an agency official can make a risk-based decision on whether to authorize the system to operate within the agency.

NetSecurity's consultants are experienced in performing A&A following the NIST SP 800-37 methodology. Our service activities may include any of the following:

  • Security Test & Evaluation (ST&E): Develop plans and test procedures and execute tests.
  • Security Assessment Report (SAR).
  • Risk Assessment: Security Risk Assessment, E-Authentication, and Privacy Impact Assessments.
  • System Security Plan (SSP): Review and develop SSPs.
  • Contingency Plans: Business Impact Assessment (BIA), development of IT Contingency Plans, and contingency testing exercises.
  • Ancillary Documents: Develop Change Management Plan, Incident Response Plan, and POA&M.
  • Authorization Package.