RSA Archer® Assessment & Authorization

Comply with FISMA while improving security

  • Enable a system of record for every person, location, component and tier in your organization.
  • Meet compliance requirements and lay the foundation for a comprehensive information assurance management program.
  • Manage all phases of the NIST RMF, DIACAP, DOD RMF and FedRAMP.

Featured Resource

Data Sheet

RSA Archer Assessment & Authorization

This data sheet provides an overview of the RSA Archer Assessment & Authorization use case for RSA Archer Public Sector solutions.




Customize Control Allocation and Assessment

Tailor baseline security controls by applying scoping, parameterization and compensating control guidance, as well as supplemental controls, control enhancements and/or control overlays.


Authorization Boundary Definition

Capture essential attributes and details of information systems, clearly define the authorization boundary for system components, and define key stakeholders and A&A team roles.


Authorization Package Creation and Approval Workflow

Capture all required data points, create properly formatted authorization package artifacts, and route for review and approval with a workflow tailored to your organization.


Security Categorization

Categorize information systems based on risk and impact factors, and document factors used to justify the designated security category.


Issue Remediation (POA&M)

Track the status of issues, report and escalate issues, and notify issue owners and reviewers as part of the follow-up and escalation process.


Automatically Updated Reports and Authorization Artifacts

Reports and dashboards are updated automatically, and labor-intensive documents like the system security plan (SSP) and security assessment report (SAR) can be refreshed with a single click.


Complete Security Control Assessment

Capture information to determine if controls are implemented correctly, operating as intended and producing desired outcomes.


Monitoring Strategy and Ongoing Authorization (OA)

Identify security controls to be monitored, define the frequency of monitoring for controls sorted by group, and create a monitoring strategy for reassessment of controls.


Formatted System Security Plan

Automatically create a formatted SSP with current and authoritative data points for near real-time risk management and ongoing authorization.


Ongoing Authorization

Integration with RSA Archer Continuous Monitoring provides true event-based and time-based ongoing authorization (OA) capabilities.


Helps to reduce IT and security risks

May yield savings in labor hours

Facilitates informed decision-making

RSA Archer Public Sector Solutions

RSA Archer Public Sector solutions are purpose-built to meet the unique needs of U.S. federal agencies, providing capabilities essential to an effective information assurance program.

"Previously, maturity levels were estimated, but now that we have the risk assessments as part of the [RSA Archer] tool, we’ve been able to integrate the two so that the 40 key controls in the Texas Cybersecurity Framework are linked to the NIST controls. This enables organizations to view the findings they have in each of those key controls and gives them a better method for establishing or rating their maturity levels, which is particularly useful."
Nancy Rainosek
Governance, Risk and Compliance Program Manager
Texas Department of Information Resources


White Paper

How GRC Can Help You Stay a Step Ahead of Ransomware

Discover the role governance, risk and compliance (GRC) solutions can play in helping your organization prepare for and respond to a ransomware attack.



OCEG Infographic: The Journey to Advantaged GRC

As organizations mature their approach to GRC, they transition from a structure of siloed departments and units to a fully engaged business operation.


White Papers

  • Continuous Monitoring: Introduction & Considerations, Part 1
    The first in a two-part series, this white paper explores the sometimes daunting subject of continuous monitoring (CM) and how to successfully manage your CM program. Intended for security professionals who are new to CM, this first part discusses common misconceptions and provides definitions, an introduction and a brief history of CM.
  • Continuous Monitoring: Monitoring Strategy, Part 2
    The second in our two-part series, this white paper addresses monitoring strategy, including the frequency and method of assessments.
