The Columbia Group can take an unapproved application and bring it up to the standards required to gain the certification and accreditation (C&A) approval. The C&A application is a far reaching process that requires extensive documentation and preparation of the software and hardware of an IT system.
This process includes patching, configuring, logging, monitoring and maintaining an operating system (in our case Red Hat Enterprise Linux 5.6) in an effort to make the system more secure. This effort is an ongoing process. We monitor systems in numerous ways on a daily, weekly and monthly basis. We have software and hardware in place for monitoring and prevention of unauthorized intrusions or access, as well as corruption due to virus infection. Our systems are backed up daily and weekly.
We develop Contingency Plans (CPs) for the systems that spell out the methods and efforts required to bring the system back on-line in the event of a major system failure. The CPs, along with numerous other security checks aretested annually. The security checks include such items as reviewing the software and hardware baseline, user permissions, the incident response plan, backup viability checks, and support contracts. These efforts meet the FISMA requirement for an annual security review.