System Security Certification and Accreditation
An essential part of assessing the security of an information system is identifying, understanding, and managing the risks associated with the system’s use. Security certification and accreditation (C&A) support the risk management process and are integral to an agency’s information security program.
Security certification is the process of assessing the security controls in the information system to determine whether they are implemented correctly, operating as intended, and meeting the system’s security requirements.
Security accreditation is concerned with risk acceptance and management. The Designated Approval Authority (DAA) or other authorizing officials must determine the risk to operations, assets, or individuals and the acceptability of that risk weighed against the mission or business needs of their agencies. Security certification supports security accreditation by providing the DAA with the information needed to make credible, risk-based decisions about information system operation.
For more than 15 years, ARINC has been providing C&A services to the U.S. Department of Defense (DoD) and to a variety of DoD customers. Our products and services comply with the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) per DoD Instruction 5200.40 and DoD Manual 8510.1-1M. We are also assisting our DoD customers in the transition to the new DoD Information Assurance Certification and Accreditation Process (DIACAP).
ARINC uses a DITSCAP-based C&A process to certify that the target system is safe to operate in its intended environment, to confirm that it maintains the accredited security posture throughout its lifecycle, and to address vulnerabilities by reducing residual risk to a level deemed acceptable by the DAA.
As part of ARINC’s suite of System Security Engineering Services, we tailor our C&A services to the system’s life cycle phase and program strategy and scale the certification process according to the size and complexity of the system. We develop a comprehensive DITSCAP-compliant System Security Authorization Agreement (SSAA), when required, to document the system security architecture to support the DAA’s accreditation decision.
We also have expertise in developing C&A packages per Director of Central Intelligence Directive (DCID) 6/3 and the Joint Department of Defense Intelligence Information Systems (DoDIIS)/Cryptologic SCI Information Systems Security Standards (JDCSISSS).
We comply with applicable DoD, Air Force, Army, and local directives, instructions, and standards, including DoDD 8500.1, DoDI 8500.2, AFI 33-202, AFMAN 33-223, AR 25-2, AR 380-5, DoD 5220.22-M (NISPOM), and the Federal Information Security Management Act (FISMA).