Independent Security Control Assessments 

Task type
Assess your risk level
Readiness Level


DOJ’s Independent Security Control Assessment service helps agencies uncover risks as part of the Assessment and Authorization (A&A) steps of the Risk Management Framework (RMF). DOJ services provide agencies with an independent assessment of the security controls selected for the system, resulting in a recommendation of whether the system should receive an Authority to Operate (ATO). DOJ’s assessment methodology is consistent with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 regulations. Capabilities include:

  • Security Assessment Plan
  • Assessment activities
  • Security Assessment Report and POA&Ms
  • ATO briefing and documentation package


This service is offered through our federal service partner, the U.S. Department of Justice (DoJ). For more detailed information about this service, please visit the U.S. Department of Justice IT Services page.

You can also download the DOJ's cybersecurity shared services catalog.

For inquiries about DOJ-offered services or if interested in purchasing services, please email: