CASE STUDY

Automating Accreditation and Authorization

Volant is working with the government to streamline the security accreditation process. In most Federal Government organizations every application and system must be formally accredited based on the selection and specification of security controls as defined by the NIST Risk Management Framework (RMF) described in NIST Special Publication (SP) 800-37 Revision 2. While the NIST SP 800-37 documentation defines the overarching risk management approach, government agencies are afforded the opportunity to implement security controls in a manner consistent with their unique mission needs. Based on Volant’s consistent track record of delivering secure technical solutions, the Volant team was selected to provide an innovative approach to address, contribute to, and speed up key elements of the accreditation process.

Volant’s technical approach in leveraging OpenControl (open source security standard) is a paradigm shift and completely changes how a developer implements a system and how an organization verifies those security controls.

— Chris Golden, CTO, Volant Associates LLC


The Challenge

Currently, security accreditation for a typical application or system at a Federal Government agency can take a year to 18 months to complete. Volant is leveraging years of experience in automating software development tools and processes and directly applying this experience to help streamline and automate the accreditation process for those that use the Risk Management Framework (RMF) to manage and monitor the security-related elements of a system or capability.

Features of our solution include:

  • Faster Delivery to Operations
  • Greater Efficiency
  • Less Prone to Error

Our Approach

After careful review of the government’s requirements, Volant identified an opportunity to provide efficiencies within the RMF process by leveraging an innovative approach to accreditation based on an open source standard called “OpenControl.” OpenControl was developed by a group of technology and security experts with a specific focus on streamlining the accreditation process by creating an open standard to support compliance. The standard supports compliance for any industry, whether government or commercial. The OpenControl approach can be used for the entire RMF process. The OpenControl approach is a paradigm shift and completely changes how a developer implements a system and how an organization verifies those security controls.

Download: Automating A&A for the Federal Government

For more information contact us:

571.210.0030 or info@volantco.com