GAI provides the services of Automated Information Systems Engineers for Certification and Accreditation in accordance with Executive Orders, Public Law, OMB and Defense guidance on the protection and treatment required for National Security Information, Security Plans and Internal Controls for Federal computer systems. These orders, laws and guidance are legally and logically required to operate Federal computer automated information systems.
During the Certification and Accreditation process GAI addresses the following:
- The Mission: Is information mission essential and non-duplicative of other information operations?
- The Protection: How much protection is required and at what cost to achieve the minimum system availability for official business.
- The Risk: Will this system be used for official business? Will it be available for the official business as required? What is the impact of loss of this service? Are all cost-effective corrections in place?
- The Method: GAI forms teams
comprised of the customer technical staff, security staff
and customer management with our staff to step through the
certification and accreditation process for the first
iteration. The mission need for automated information
systems and the impact are most completely and accurately
known by the customer staff. Customer motivation and
commitment are key components in doing a certification and
accreditation. GAI structures the approach and then manages
the project.
At the end of the certification and accreditation process with GAI, the client will have a Systems Security Authorization Agreement, which shows:
System meets the system security policy
Certification tasks are properly completed
System is approved to operate (accredited)
Plan for maintaining the accreditation exists.
GAI consolidates all C&A documentation into a single document, which is:
Required by DoD Instruction 5200.40, DoD Information Technology Security
Certification and Accreditation Process (DITSCAP).
Specified by the National Information Assurance Certification &
Accreditation Process (NIACAP).
Documents security measures taken to comply with HIPPA.
GAI's Certification and Accreditation projects have included:
Provided Information Assurance support to Air Force in San Antonio for the
Comprehensive Engine Testing and Diagnostics (CETADS) System.
Developed the System Security Authorization Agreement for the C-17 Sustainability
Information Management System at Robins AFB, GA.
Developed the Computer Security (COMPUSEC) Accreditation package for the IBM
4381 and IBM RS/6000 system using the Air Force Automated Risk Evaluation System.
Developed Certification and Accreditation package for the SA-ALC/TIS Local Area
Network at Kelly AFB, Texas.
Developed packages for the SA-ALC/TIS CAD/CAM and GENRAD system.
B. System Security Architecture Support
Evaluate infrastructure technologies, such as, ATM, routing implementations, and integration of Devices/Products/Systems across enterprise networks.
Perform Gap Analysis, functional evaluations, and security and risk assessments.
Ensure the security integrity and availability of enterprise networks.
Make choices/compromises based on risk assessments to identify sequence and dependencies of implementation projects.
Implementation of results of assessments into architectures and update the Plan, Policies and Procedures, accordingly.
