Lumeta - Federal Solutions

866.586.3827

(

Site Map

Company

Contact Request
To request someone from Lumeta contact you, click here

For immediate assistance, please contact us via phone.


Download
	Solving the Federal IT Paradox
	Lumeta Federal Solutions Brochure

Click here to learn more about Lumeta's Unique Certification & Accrediation Solution

NIACAP

The National Information Assurance Certification and Accreditation Process, or NIACAP, is the civilian federal agency version of the Department of Defense Certification and Accreditation Process (DITSCAP). NIACAP is the minimum-standard process for the certification and accreditation (C&A) of computer systems that handle U.S. national-security information. This process provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the Information Assurance (IA) and security posture of a system or site.

While the process outlined in NIACAP is necessary both for compliance sake and for establishing a secure environment, constant changes to the network can cause defenses to become misaligned with policies. Thus, it can be difficult to maintain security Certification and Accreditation (C&A) over time.

Network Assurance in C&A Programs: an Indispensable Component of Your IA Strategy

Lumeta’s flagship Network Assurance product, IPsonar®, provides global network visibility which is integral to each of the phases of a federal C&A program. The solution helps agencies address C&A program planning, lifecycle implementation, and, later, audit of compliance and continuous risk assessment. Using IPsonar, organizations can understand their network connections and the resulting risks in order to prioritize and remedy issues. As a result, they can ensure and provide ongoing proof of the confidentiality, integrity, and availability of their systems.

Definition: agree on the security requirements, C&A boundary, schedule, effort, and resources required
Use IPsonar to enable global network visibility. Create a network connectivity baseline and understand all deviations in order to verify that certification plans will work as intended and ensure network continuity.
Verification: ensure the fully integrated system will be ready for certification testing
Perform a network connection rule compliance analysis to evaluate the impact of intended connections across the network and between networks. Network Assurance enables you to understand connectivity and pinpoint areas of vulnerability or unwanted connectivity that might indicate weaknesses in host- or device-based defenses.
Validation: produce evidence to support that the fully integrated system is in compliance with security policies and requirements
Understand, objectively, the evolving operational reality and prioritize risks, enabling executives to quickly assign remediation tasks and, upon rescanning the network, validate implementation.
Post accreditation: after the system has been certified and accredited for operation, ensure secure system management, operation, and maintenance to preserve an acceptable level of residual risk
Enable the DAA to conduct regular scans to review the operational state of the network and compare it against security guidelines.