
C&A Process Activities
Verizon FNS takes a practical approach to security solutions, focusing on operational needs, associated risks and potential cost to devise an optimal strategy that offers the best value with an acceptable level of risk. We follow a focused four-step process, from Assessment, Mitigation, and Test and Certification through ongoing Maintenance and support as part of our Managed Security Services, to ensure continued secure operations in the face of newly identified risks.
The C&A Process is a structured approach that is applicable to any system in any organization, undertaken to ensure all aspects of security are addressed throughout the life cycle of a system. The Certification part of the process provides a comprehensive evaluation of the technical and non-technical security features of an IT system to establish the extent to which a particular design or implementation meets the specified security requirements. The Accreditation portion is the formal declaration by the authorizing official that an IT system is approved to operate in a particular security mode, using a prescribed set of safeguards at an acceptable level of risk. Verizon FNS Security Engineers are experienced in performing C&A activities and delivering the required documentation in support of government and commercial guidelines such as:
- DITSCAP/DIACAP
- NIST SP 800-37
- NIACAP
- NISCAP
- DCID 6/3
- JDCSISSS
- ISO 17799
- Agency Specific Directives
- Computer Security Act
- OMB A-130, Appendix III
The Verizon FNS Security Engineering team can provide full support of the C&A process for the initial certification and re-certification of an IT system. Our approach stresses life-cycle management and promotes uniform cost-effective procedures. We will deliver a complete certification package documenting the system mission, target environment and architecture, security requirements and acceptable residual risks.
The Certification package delivered by Verizon FNS enables an accrediting authority to understand the system risks and make an informed accrediting decision, ultimately granting an approval to operate. The package includes:
- Systems Security Authorization Agreement or Plan
- Risk Assessment
- System Test and Evaluation
- Certifier's Statement
- Accreditation Recommendation