Security Assessment (Certification and Accreditation (C&A))
Today's rapidly changing technical environment requires federal agencies to adopt a minimum set of management controls to protect their Information Technology (IT) resources. The Federal Information Security Management Act (FISMA) states that all agencies must put in place a comprehensive information security plan with fully integrated procedures and controls. The penalties for non-compliance are also escalating, with Authorizing Officials assuming personal liability for the systems they accredit, and the Office of Management and Budget reserving the right to deny funding to organizations which do not meet the requirements or demonstrate a plan to do so.