Federal government agencies are mandated by the Federal Information Security Management Act (FISMA) to understand the security risks posed to their information technology systems, applications and environment, and are required to take appropriate actions to mitigate these risks. To help agencies evaluate these risks, the National Institute of Standards and Technology (NIST) developed a Security Assessment and Authorization (SA&A) methodology for federal information systems – NIST SP 800-53.
The SA&A is a formal methodology for testing and evaluating the security controls of the system to ensure that it is configured properly to meet the security mandate. A FISMA compliant SA&A is required for a system, application or environment to get an Authority to Operate (ATO).
How Wilson Consulting Group will help you
WCG’s Security Assessment and Authorization service is a formal test that evaluates the management, operational and technical controls of the application and system to ensure that the security controls are adequate, configured properly, and satisfy the NIST standards.