Chris Hoover

Has the Federal Community Grown Up?

Blog Post created by Chris Hoover Employee on May 14, 2015

At RSA Archer, we are now officially announcing our GRC maturity assessments. I personally would like to announce the Assessment & Authorization (A&A) and Continuous Monitoring maturity assessment for the federal community and federal adjacent customers, like contractors. In addition, we have maturity assessments that correspond to most of our other offerings and domains of interest:

  • Operational Risk Management
  • IT Security Risk Management
  • Regulatory and Corporate Compliance
  • Business Resiliency
  • Third Party Governance
  • Audit Management

 

So what is it?

You answer a questionnaire and send us the results. We perform the analyses and provide charts, reports, and artifacts in a formal briefing. This is all FREE. You can invite other stakeholders to this briefing or at least have the reports and materials to take back to your team to prompt some serious discussion.

 

Why do you need it?

In the context of A&A and Continuous Monitoring, we know they are mandatory activities. FISMA and OMB have told us so. We have been doing A&A (and C&A) for many years. Most people are still figuring out what they are going to do about Continuous Monitoring. Very few have attempted to achieve Ongoing Authorization.

 

The maturity assessment doesn't just force you to examine each little piece you’re doing or not doing, it forces you to see the activities’ relationships, and how they impact each other. Beyond just a litany of checklist activities, you have to at some point examine the maturity of your processes, tools, and staff. Without this, you will likely never meet the minimum, and if you do, it will be at the maximum cost in stress and pain to your staff. To put it another way: an organization with a mature information assurance program will have efficiencies and visibility in place that will allow them to achieve more than a less mature organization with the same amount of resources.

 

What's next?

If you are interested in learning more about our process, we have white papers posted here for you to learn more.

Or contact me directly and we can discuss next steps.

 

As always, thanks for reading and email me with comments or questions

Chris

Outcomes