cybersecurity related images

Independent Assessments in Support of Initial A&A's

Have your system independently assessed by federal experts

This Initial Independent Assessment in support of Assessment & Authorization (A&A) service includes an independent security control assessment of a new system or system undergoing significant changes. The assessment is conducted in accordance with (the latest versions of the) National Institute of Standards and Technology (NIST) 800-37 & 800-53A, in addition to agency tailoring and any applicable control overlays (e.g., industry control systems, high value assets, etc.). Standard (electronic) deliverables include:

  • Executive Summary
  • Certificate
  • Travel to customer location as required
  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • Findings & Recommendations
  • Out-Brief Teleconference
  • Optional: Data population in the agency's Federal Information Security Modernization Act (FISMA) reporting system

As an add-on to ESC's assessment work, follow-on Independent Verification & Validation (IV&V) is available.

Independent control assessment engagements are scoped using customer-provided information, specifically with regards to the number of Control Objectives that would be in scope for testing. Control inheritance from separately accredited systems will lower the level-of-effort (LOE) for control testing. Likewise, embedded subsystems may multiply the testing LOE.

Eligibility

Federal civilian agencies are eligible to use these cybersecurity services from the DOT Enterprise Services Center (ESC). Department of Defense (DOD) organizations may be eligible for ESC cybersecurity services if their systems are unclassified.

Interested in this Fed-to-Fed service? Get a quote!

To get started, reach out to the ESC team. We will send you a simple questionnaire to fill out. Return the completed questionnaire to us and we will promptly develop a firm fixed-price quote, to include proposed schedules. If you just need a rough order of magnitude (ROM) estimate for budget planning purposes, just let us know.

Contact ESC at CyberServices@esc.gov to get more information and assistance.