DOJ’s Independent Security Control Assessment service helps agencies uncover risks as part of the Assessment and Authorization (A&A) steps of the Risk Management Framework (RMF). DOJ services provide agencies with an independent assessment of the security controls selected for the system, resulting in a recommendation of whether the system should receive an Authority to Operate (ATO). DOJ’s assessment methodology is consistent with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 regulations. Capabilities include:
- Security Assessment Plan
- Assessment activities
- Security Assessment Report and POA&Ms
- ATO briefing and documentation package
This service is offered through our federal service partner, the U.S. Department of Justice (DoJ). For more detailed information about this service, please visit the U.S. Department of Justice IT Services page.
You can also download the DOJ's cybersecurity shared services catalog.
For inquiries about DOJ-offered services or if interested in purchasing services, please email: firstname.lastname@example.org.