Independent Assessments in Support of Systems Continuous Monitoring

The independent assessments in support of systems continuous monitoring includes an annual, independent security control assessment of a system under Continuous Monitoring/Ongoing Authorization. The assessment is conducted in accordance with National Institute of Standards and Technology (NIST) 800-37 & 800-53A and agency tailoring. Standard (electronic) deliverables include:

• Executive Summary
• Certificate
• Control inheritance as appropriate
• Travel to designated customer location as required
• Security Assessment Report (SAR)
• Findings & Recommendations
• Optional: Data population in the agency's Federal Information Security Modernization Act (FISMA) reporting system

Contact

This service is offered through our federal service partner, the U.S. Department of Transportation (DOT). For more detailed information about this service, please visit the DOT's Enterprise Services Center (ESC) website. 

For inquiries about ESC offered services or if interested in purchasing services, please contact us at: esc-cyberservices@faa.gov.