RSA Archer® Assessment & Authorization
Comply with FISMA while improving security.
- Enable a system of record for every person, location, component and tier in your organization.
- Meet compliance requirements and lay the foundation for a comprehensive information assurance management program.
- Manage all phases of the NIST RMF, DIACAP, DOD RMF and FedRAMP.
Savings in labor hours.
Reduction of overall IT and security risk.
More informed decision making and greater assurance in decisions.
Authorization Boundary Definition
Capture essential attributes and details of information systems, clearly define the authorization boundary for system components, and define key stakeholders and A&A team roles.
Customized Control Allocation and Assessment
Tailor baseline security controls by applying scoping, parameterization and compensating control guidance, as well as supplemental controls, control enhancements and/or control overlays.
Issue Remediation (POA&M)
Track the status of issues, report and escalate issues, and notify issue owners and reviewers as part of the follow-up and escalation process.
Monitoring Strategy and Ongoing Authorization (OA)
Identify security controls to be monitored, define the frequency of monitoring for controls sorted by group, and create a monitoring strategy for reassessment of controls.
Formatted System Security Plan
Automatically create a formatted SSP with current and authoritative data points for near real-time risk management and ongoing authorization.
Categorize information systems based on risk and impact factors, and document factors used to justify the designated security category.
Authorization Package Creation and Approval Workflow
Capture all required data points, create properly formatted authorization package artifacts, and route for review and approval with a workflow tailored to your organization.
Complete Security Control Assessments
Capture information to determine if controls are implemented correctly, operating as intended and producing the desired outcome.
Automatically Updated Reports and Authorization Artifacts
Reports and dashboards are updated automatically and labor-intensive documents like the system security plan (SSP) and security assessment report (SAR) can be refreshed with a single click.
Integration with RSA Archer Continuous Monitoring provides true event-based and time-based ongoing authorization (OA) capabilities.
"Previously, maturity levels were estimated, but now, because we have the risk assessments as part of the [RSA Archer] tool, we’ve been able to integrate the two so that the 40 key controls in the Texas Cybersecurity Framework are linked to the NIST controls. This enables organizations to view the findings they have in each of those key controls. It gives them a better method for establishing or rating their maturity levels, and this is particularly useful."
Governance, Risk and Compliance Program Manager, Texas Department of Information Resources