Certification and Accreditation Services

 

SEC provides system owners such as Program Executive Offices, Project Management Offices, Product Managers, and Life Cycle Management Commands with the services they need to comply with mandatory DoD and Army policies. These include the Clinger-Cohen Act, Acquisition Policy, and AR 25-2 Information Assurance, as well as other information assurance guidance shown in the Defense Acquisition Guide Book at: http://akss.dau.mil/dag/DoD5000.asp?view=functional

Information Assurance (IA)

As an Army CIO/G-6 Office of Information Assurance and Compliance (OIA&C) approved Agent of the Certification Authority (ACA), SEC is available to provide system owners (SO), including project managers, with certification capabilities under the Interim DoD Information Assurance Certification and Accreditation Process (DIACAP).

These capabilities include:

Preparing, planning and conducting the system validation by:
(1) Preparing IA certification validation plans as part of the DIACAP Implementation Plan (DIP) in accordance with the Interim DIACAP validation requirements and methods
(2) Conducting validation of IA controls
(3) Preparing IA validation artifacts
(4) Preparing IA Scorecards
(5) Preparing IA Risk assessment artifacts from the IA validation findings
(6) Providing the IA Scorecard and supporting artifacts to the CA for an operational IA risk determination.

Participating in the Initial IS IA meetings and meetings of the C&A Working Group

Coordinating with the assigned CA Representative (CAR) in the OIA&C, ensuring that:
(1) IA Controls and requirements imposed on the IS are acceptable
(2) Emerging solutions to IA Controls, if successfully implemented, will be acceptable for accreditation
(3) Unacceptable solutions are brought into compliance, as required

Providing a monthly status report to the Army Office of Information Assurance and Compliance and the SO on the current IA activities of their system, issues that have arisen, and expanded scope of the IS that might have enterprise implications.

C&A Support - Initiation work flow & Execution work flow.

Software Vulnerability Assessment

Provides analysis of source code, binary code, or running applications for security vulnerabilities, whether intentional or inadvertent. Extended vulnerability testing includes malicious code analysis, penetration testing, and safety analysis.

Software Quality Assessment

A combination of objective methods, tools, and techniques used to assess the quality attributes of software products at various stages of their development. These quality attributes include Preliminary Quality Assessment, Error Detection, Memory Leak Analysis, Performance Tuning, and Test Coverage Analysis.

Visit the Software Assurance Laboratory (SWAL) where the work is accomplished.
