
REGULATORY COMPLIANCE

The Certification and Accreditation (C&A) process is a comprehensive program that validates the security lifecycle of information systems. Security Certification and Accreditation are important activities that support a risk management process, are an integral part of an agency's information security program, and are major components of federal regulatory compliance processes, such as the Federal Information Security Management Act (FISMA) of 2002. To address federal clients' need to comply with C&A, LCG Systems created a C&A methodology. The methodology is a standardized but adaptable process that ensures compliance with FISMA and other federal regulations, including OMB Circular A-130 Appendix III and HIPAA. The methodology takes into account all aspects of the C&A process as described in NIST SP 800-37 and combines the specific details defined in FIPS PUB 200, NIST SP 800-53, and NIST SP 800-53A to create a fully compliant process that can be customized to suit a specific environment.

The LCG Systems C&A methodology places emphasis on incorporating C&A security practices into the organizational culture. The methodology provides an easy-to-follow, step-by-step process that allows system owners and security officers to incorporate the procedures into their daily operations while mapping to the four NIST C&A process phases: Initiation, Certification, Accreditation, and Continuous Monitoring. Through the methodology, LCG Systems provides NIST-compliant, easy-to-use, fill-in-the-blank document templates that significantly speed up the compliance process and provide a comprehensive document package for any type of system requiring C&A.