• Savings in labor hours.

  • Reduction of overall IT and security risk.

  • More informed decision making and greater assurance in decisions.


  • Authorization Boundary Definition

    Capture essential attributes and details of information systems, clearly define the authorization boundary for system components, and define key stakeholders and A&A team roles.

  • Customized Control Allocation and Assessment

    Tailor baseline security controls by applying scoping, parameterization and compensating control guidance, as well as supplemental controls, control enhancements and/or control overlays.

  • Issue Remediation (POA&M)

    Track the status of issues, report and escalate issues, and notify issue owners and reviewers as part of the follow-up and escalation process.

  • Monitoring Strategy and Ongoing Authorization (OA)

    Identify security controls to be monitored, define the frequency of monitoring for controls sorted by group, and create a monitoring strategy for reassessment of controls.

  • Formatted System Security Plan

    Automatically create a formatted SSP with current and authoritative data points for near real-time risk management and ongoing authorization.

  • Security Categorization

    Categorize information systems based on risk and impact factors, and document factors used to justify the designated security category.

  • Authorization Package Creation and Approval Workflow

    Capture all required data points, create properly formatted authorization package artifacts, and route for review and approval with a workflow tailored to your organization.

  • Complete Security Control Assessments

    Capture information to determine if controls are implemented correctly, operating as intended and producing the desired outcome.

  • Automatically Updated Reports and Authorization Artifacts

    Reports and dashboards are updated automatically and labor-intensive documents like the system security plan (SSP) and security assessment report (SAR) can be refreshed with a single click.

  • Ongoing Authorization

    Integration with RSA Archer Continuous Monitoring provides true event-based and time-based ongoing authorization (OA) capabilities.