Assessment and Authorization (A&A) and Continuous Monitoring

Our process for Assessment and Authorization (A&A) focuses first on boundary definition, definition of roles and responsibilities, and security categorization based on data types and sensitivity. After conducting a comprehensive risk assessment, our team develops system security plans that explain the who, what, how, and how often for each security control (leveraging common or inherited controls where possible). Our teams also develop all supporting documentation, such as eAuthentication Risk Assessments, Privacy Impact Assessments, IT Contingency Plans, Security Control Assessment/Test Plans, Security Assessment Reports, ATO Letters, and agency-specific documentation.

eGlobalTech’s Continuous Monitoring (CM) methodology is tailored to each client depending upon the scope of the target and the maturity of the existing CM program. Our methodology includes:

  • CM strategic planning and implementation
  • Maintaining compliance with agency CM policies and implementing industry standards like SCAP
  • Establishing a roadmap to near real-time CM
  • Integration with performance measurement and metrics, as well as existing programs like Einstein and CyberScope
  • Defining security control assessment procedures, frequency, and requirements
  • Determining cost-effectiveness of manual procedures and balancing risk and cost
  • Facilitating CM working groups and technical discussions
  • Evaluating existing toolsets and recommending new tools