SecureInfo's New Certification and Accreditation Program Enables Vendors to Deliver Security-Assessed Products to the Federal Government.Company Capitalizes on Proven Track Record; Opens Certification and Accreditation Lab SAN ANTONIO San Antonio (săn ăntō`nēō, əntōn`), city (1990 pop. 935,933), seat of Bexar co., S central Tex., at the source of the San Antonio River; inc. 1837. -- SecureInfo[R] Corporation, a leading provider of information security solutions, today announced the availability of the SecureInfo Certification and Accreditation Program (SI-CAP)(TM) and the opening of the company's new C&A Lab. SI-CAP encapsulates SecureInfo's C&A experience into a comprehensive C&A program designed for vendors providing information systems and networked equipment to the Federal government. By taking advantage of SI-CAP, vendors and system integrators can deliver a C&A package with their products, meeting mandated regulatory standards and saving them and the government time and money required for system implementation. The SecureInfo C&A Lab is a state-of-the-art facility designed for C&A testing and package preparation. SI-CAP can be performed in the SecureInfo C&A Lab or on-site at the vendor location. "With thousands of C&A packages created, SecureInfo has a proven track record in certification and accreditation for the Federal government, vendors, and system integrators," said Christopher Fountain, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of SecureInfo. "Vendors can now capitalize on Cap´i`tal`ize on` v. t. 1. To turn (an opportunity) to one's advantage; to take advantage of (a situation); to profit from; as, to capitalize on an opponent's mistakes s>. this experience and provide verification that their products were tested in compliance with government security requirementsCoa requirement for doing business with the Federal government." SI-CAP delivers a comprehensive C&A package and provides a thorough security evaluation in accordance with security requirements mandated by NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. SP 800-37, DIACAP/DITSCAP, and DCID DCID Director of Central Intelligence Directive DCID Duke Center for International Development (Durham, NC) DCID Development Change In Design DCID Detection and Correct Identification Delay . The C&A package for each product evaluated includes a comprehensive set of documentation and reports detailing the plan and results of the assessment. The package contains a plan of execution, a system security plan, a system security test and evaluation (ST&E) plan, security test and evaluation report, and a plan of actions and milestones (POA&M). SICAP also takes advantage of SecureInfo RMS(TM), SecureInfo's compliance software that streamlines, standardizes and centralizes the C&A process. For example, SI-CAP includes C&A templates that can be easily modified and changed to meet field-specific requirements, dramatically cutting the cost and time required for product implementation. Optional services are available for SI-CAP that address additional security sound practices beyond the NIST, DIACAP DIACAP DOD Information Assurance Certification and Accreditation Process (supersedes DITSCAP) or DCID standards. SI-CAP Optional Services include a contingency plan A plan involving suitable backups, immediate actions and longer term measures for responding to computer emergencies such as attacks or accidental disasters. Contingency plans are part of business resumption planning. and a configuration management plan to further support FISMA FISMA Federal Information Security Management Act of 2002 FISMA Federal Information System Management Act reporting requirements. SI-CAP is available immediately. Please contact SecureInfo at http://www.secureinfo.com/Company/contact.asp or call 888-677-9351 for more information. Certification and Accreditation Background According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the NIST 800-37 "Guide for the Security Certification A certification issued by competent authority to indicate that a person has been investigated and is eligible for access to classified matter to the extent stated in the certification. and Accreditation of Federal Information Systems," certification and accreditation guidelines were developed to help achieve more secure information systems within the federal government by: * Enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; * Promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and * Creating more complete, reliable, and trustworthy information for authorizing officialsCoto facilitate more informed security accreditation decisions. Security certification and accreditation are important activities that support a risk management process and are an integral part of an agency's information security program. Information systems software, hardware and equipment sold to Federal agencies must undergo a vendor-initiated security certification and accreditation process before the system can be implemented. The C&A process requires independent verification and validation (testing) Independent Verification and Validation - (IV&V) The verification and validation of a software product by an organisation that is both technically and managerially separate from the organisation responsible for developing the product. performed by a qualified third party. According to the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), "The DoDI 8500.2 (reference (g)) requires the evaluation of information assurance (IA) and IA-enabled IT products that are incorporated into DoD information systems. DoD information systems that are comprised of both IT products and IA or IA-enabled products shall ensure that their IA and IA-enabled products are evaluated according to DoDD 8500.1 (reference (b)), and shall be subject to the DIACAP." About SecureInfo SecureInfo Corporation, Inc. is a leading provider of information security solutions, including professional and managed services, and compliance and policy software products. Organizations rely on SecureInfo's solutions to achieve, sustain and measure IT compliance, protect sensitive data and critical IT assets, and mitigate risk more effectively. The company has designed, built and managed enterprise security operations centers and enterprise-wide compliance and policy solutions across Federal government agencies and commercial companies. Customers include Department of Defense, Department of Homeland Security Noun 1. Department of Homeland Security - the federal department that administers all matters relating to homeland security Homeland Security executive department - a federal department in the executive branch of the government of the United States , NASA NASA: see National Aeronautics and Space Administration. NASA in full National Aeronautics and Space Administration Independent U.S. , United States Air Force United States Air Force (USAF) Major component of the U.S. military organization, with primary responsibility for air warfare, air defense, and military space research. It also provides air services in coordination with the other military branches. U.S. , US Treasury and Nortel Networks. Further information can be found at www.secureinfo.com. SecureInfo is a registered trademark and SecureInfo RMS is a trademark of SecureInfo Corporate. All other products and brand names are trademarks or registered trademarks of their respective owners. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion