Case History: Certification and Accreditation for Federal Agency

Wilson Consulting Group (WCG) reviewed, updated, and developed information security guidelines. These guidelines are required as part of the agency’s Integrated IT Investment & System Life Cycle Framework and the agency’s C&A program.

About Our Client

The federal agency is responsible for the payment of more than $400 billion annually for medical services provided to nearly 90 million program beneficiaries and recipients. It has about 4,900 employees at its central site, with ten regional offices throughout the country.

In the administration of these national programs, they utilize many assets, including buildings, facilities, communications equipment, computer systems, employees, and contractors. A breach of any one of these assets could affect the quality of support provided by the agency to its customers.

Scenario

WCG was contracted to help create a Certification and Accreditation (C&A) program for a federal agency responsible for administering medical-related services, to ensure that good information security practices are in place and maintained.

The agency required a system of cost-effective information security controls to protect the information it collects, including privacy and proprietary data, procurement data, internal agency data, and privileged system information. Access to such information is controlled by various federal acts and guidelines, such as FISMA and NIST. The agency has a legal responsibility to maintain the confidentiality and integrity of this information.

WCG Strategies

To ensure that information security best practices were in place and maintained, WCG helped the agency create an effective Certification and Accreditation (C&A) program, with information security policies and standards that met Office of Management and Budget (OMB) and NIST requirements.

The Outcome

To create these policies and programs, WCG:

  • Reviewed, updated, and developed information security guidelines. These guidelines are required as part of the agency’s Integrated IT Investment & System Life Cycle Framework and the agency’s C&A program. Examples of these guidelines included, but were not limited to, the following: System Security Plan (SSP); Information Security Risk Assessment (ISRA); Contingency Plan (CP).
  • Provided technical and administrative support for the creation and management of Corrective Action Plans (CAPs) and participated in their execution. This included technical testing to validate that the implemented solution effectively addressed the identified weakness.
  • Identified mechanisms to increase efficiency in the daily management and maintenance of all aspects of the agency’s C&A program, provided technical and administrative support in the implementation of the plans, and trained staff in their use.

With a solid C&A program in place, the agency’s management team can now effectively make risk-based decisions concerning the security of the applications, systems, and infrastructures within its purview.
