CyberSecurity: WHAT IS SA&A for Federal Agencies?

CyberSecurity: WHAT IS SA&A For Federal Agencies?

CyberSecurity: WHAT IS SA&A for Federal Agencies?

U.S. federal agencies, and contractors operating IT systems on behalf of the federal government, are mandated by the Federal Information Security Management Act (FISMA) to continuously monitor the security risks posed to their infrastructure and to take appropriate actions to mitigate the risks. Security Assessment and Authorization (SA&A) is the process by which federal agencies examine their information technology infrastructure and develop supporting evidence necessary for security assurance accreditation.

Getting through the SA&A process can be a daunting task and many agencies require additional resources to meet their SA&A needs. Even if you have adequate in-house resources, it may be a conflict of interest to assess your own SA&A Package. COACT’s SA&A consultants have experience helping Federal agencies obtain positive results. We review your existing management, operational, and technical controls and generate evidence that demonstrates that your organization has taken into consideration all risks, and has taken actions to mitigate those risks. We speak on your behalf and interface with the evaluators, OIG and auditors to defend the evidence.