Certification and Accreditation (C&A)
Sevatec has significant experience working with the federal government on the appropriate system security for the information that IT applications store, process, and transmit. By identifying the security-related aspects of the entire application, from the technical features of the system itself to the physical, personnel, and procedural security implemented around it, Sevatec's Security Team can make risk-based decisions to ensure that adequate safeguards are in place to protect our client's information and assets. The Authority to Operate (ATO), when granted by the Designated Accrediting Authority (DAA), represents the completion of this thorough process of evaluating the risks presented by the system and the mitigating controls implemented to reduce those risks to an acceptable level.
Sevatec has developed a comprehensive C&A process that can be tailored to our client's specific requirements and operational environment. Sevatec's C&A Handbook describes a unique and complex framework for ensuring that deployed systems meet the stringent security objectives appropriate to the information they contain. As part of our overall lifecycle development methodology, we closely integrate the C&A process and its associated project control gates with the overall system development timeline. This ensures that security requirements are identified and addressed as early in the project as possible, saving time and reducing development costs by mitigating the need for rework.
Our Security Team works with our counterpart Information System Security Officers (ISSOs) by:
- Working with system owners/program officials to develop, implement, and manage Plans of Action and Milestones (POA&Ms)
- Ensuring POA&Ms are continually updated and contain the required OMB/client details
- Entering POA&Ms for systems using NIST 800-53 security controls, the Weakness Form, the Milestone Form, and various POA&M reports
- Developing, tracking, and managing POA&Ms

Once applications are accredited, the Sevatec security team continues to evaluate proposed changes to the system functionality, information types, and the threat environment, in order to update the security documentation and ensure the continued proper operation of the security controls to maintain the system's accreditation status. This streamlines the reaccreditation decision each time it must be considered as a result of these changes. Our security team has regular close interaction with the design and development teams working on all aspects of the system.
We currently provide C&A services for DHS/ICE on over 20 applications.
Contact us to learn more!

