> Capabilities > Information Assurance > Certification & Accreditation
When it comes to protecting vital information resources, government and industry organizations alike face a crucial security challenge: balancing the need to provide easily accessible information with the need to appropriately safeguard that same information. Laws, such as the Privacy Act, establish protection levels for specific data types; and in many organizations, Information Systems Security (INFOSEC) regulations specify data protection criteria. For over 17 years, EMA has worked in this specialized environment, helping its customers to understand and apply cutting-edge INFOSEC and Information Assurance (IA) technologies to meet their unique data and systems security needs. And we can do the same for you, from developing effective information protection policies, to designing and implementing technical protection countermeasures, to selecting appropriate information protection tools, and providing guidance in understanding and minimizing residual risks to your data and systems.
.: Acquisition Technology Program Protection Planning
.: Network Security Solutions
.: Certification & Accreditation
.: International Programs
Certification & Accreditation
Today, business losses resulting from system intrusion, data theft, or accidental data destruction can be devastating. That's why the security Certification and Accreditation (C&A) process is essential. Begun during the system development/acquisition phase, the C&A process identifies an organization's security vulnerabilities, potential threats, risks, and appropriate protection measures.
EMA's 17 years of experience with Department of Defense (DoD) and industry-standard security C&A processes enables us to provide a "best of breed" Information Technology (IT) security verification program. Our engineers, analysts, and technicians combine approved IT security checklist methodologies with organization-specific security evaluations to check entire security systems. Not only do we perform vulnerability scans and develop security test cases for system hardware and software, but we also evaluate non-technical IT security aspects such as personnel security awareness, user training, physical security practices, data and system backup procedures, and continuity of operations strategies. EMA also provides insight on policy and technical requirements and conducts automated site tests and engineering analyses to verify that security features are properly implemented. Our analysts develop documentation including Systems Security Authorization Agreements, Contingency Plans, and Test and Evaluation Plans, as well as training and maintenance programs.
Call Mary Mayonado today to see how we can help you achieve your security goals. Contact her at (301) 863.2204 or