Life Cycle Certification and Accreditation.

Accreditation Lifecycle

Security Testing

Awareness Training

Security Engineering

Security Documentation

Certification and accreditation is more than a paper process - it documents a security strategy and provides evidence of due diligence. Much of the compilation of an accreditation package provides a security snapshot in time. We understand the finer points of what a helpful and concise certification and accreditation package means to an organization.

The gamut of certification activities include requirements analysis, risk assessments, security assessments, continuous monitoring, and documentation. We are experienced with these aspects as well as several accreditation frameworks to include the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), National Information Assurance Certification and Accreditation Process (NIACAP), and the Guide for the Certification and Accreditation of Federal Information System found in the National Institute of Standards and Technology (NIST) Special Publication 800-37.

Security documentation formalizes the management, operational, and technical activities associated with a given system. Carefully developed, maintained, and implemented security documentation demonstrates an organizations commitment to due diligence and best practices for information technology governance. A variety of documents are typically created to support a security program. Some of the more common documents include risk assessments, contingency plans, business continuity plans, system security plans, incident response plans, security training plans, change management plans, security baselines, and various procedures. The key principle in creating quality security documentation is to ensure that the proper depth and breadth of a requirement is specified and supported with risk management determinations. Sentinel Consulting has substantial experience in the creation of relevant and practical security documentation meeting the needs of an organization.

Our expertise in the realm of certifications enables us to act as an independent third-party to evaluate your system or accreditation package. Our goal is to provide a through analysis of what you have documented to determine if the controls specified are implemented as planned and operating as intended.

© 2007 Sentinel Consulting.