Assessment & Authorization
Federal Agencies are required to perform an Assessment process known as Assessment and Authorization, or A&A, by utilizing a systematic approach using the Risk Management Framework (RMF). Once certified that the program has incorporated the proper level of Security Controls along with developing the related security documentation to protect their system, an Authorization to Operate (ATO) is granted. This ATO will provide other agencies, along with the owners of the data within the program, the assurance that the program has been secured and is reliable.
This process will allow the Federal Agency to share data amongst other Agencies, so long as they retain their ATO by maintaining the appropriate security posture. This is achieved with a proper Continuous Monitoring effort, which promotes a robust patching process and an evaluation process to validate that the security controls are still working at their highest levels.
Organization outside of the Federal Government are starting to utilize the Risk Management Framework to secure their own environment while having outside vendors validate their security posture. This is where SLATE can help! We will perform an audit and provide a report to senior leadership stating where the deficient security controls are and how to mitigate them.