Certification and Accreditation
Certification and Accreditation (C&A)
The RTCS C&A team members are seasoned experts guiding your organization to achieve required approvals to use your cross domain solution. Regardless of size or complexity, the RTCS C&A team identifies the necessary processes, procedures, artifacts and resources to ensure successful approval results are achieved. C&A, as required by the Federal Information Security Management Act (FISMA) of 2002, is an informed approach to managing risk. While updated guidance and terminology are being developed, the concepts remain the same.
The integral start to any C&A effort is to fully understand the customer’s mission and how the system intends to meet this mission. To reach this understanding the RTCS C&A team identifies all applicable information assurance (IA) requirements and proposes a set of technical (software, hardware) and non-technical (facilities, processes) features, which allow for acceptable residual risk while accomplishing the mission.
By utilizing the Trusted Implementation Methodology (TIM), the C&A teams combine their expertise in security engineering and integration support for each C&A effort to deliver mission capabilities on tight, predictable development schedules. This rigorous system engineering process, with tightly integrated C&A aspects, allows RTCS to minimize the risk of C&A findings late in the process.
RTCS C&A services begin with our C&A Subject Matter Experts (SMEs) engaging with the RTCS Product Development Team. When an idea is conceived, we ensure the Risk Management Framework (RMF) is inserted and applied to RTCS products. We interact with the RTCS Product Development Team to ensure that quality information assurance concepts are “baked in” from the inception of all RTCS products. This interaction allows RTCS C&A and Product Development personnel to identify risks and apply mitigations, minimizing potential vulnerabilities that could be exploited during operational use of an RTCS product. This coordination provides a solid foundation before customers invest any time or money in leveraging RTCS C&A services to navigate a particular C&A process.
Through flexible service offerings, C&A SMEs help Commercial and Government customers meet operational and mission critical requirements. We provide our customers with process facilitation guidance to navigate the various C&A processes, starting with our customized C&A documents. This guidance enables customers to succeed in gaining the Authority to Operate/Connect (ATO/C) using RTCS’ products in their operational environment. Post-accreditation, RTCS remains engaged with customers by supporting continuous monitoring of approved RTCS products in order to successfully maintain an acceptable risk management posture for secure, operational use.
The High Speed Guard (HSG) cross domain information sharing solution is NOT approved for export beyond the Five-Eyes partners.
The Small Format Guard™(SFG) cross domain information sharing solution is NOT approved for export beyond the United States (US).