Security Certification and Accreditation (C&A)
XaaS' current C&A Authority to Operate was issued in January 2011.
Certification and Accreditation is a process that ensures that systems and major applications adhere to formal and established security requirements that are well documented and authorized. All government systems and applications must receive a C&A Authority to Operate before being put into production, and every three years thereafter per the Federal Information Security Management Act (FISMA) of 2002.
The goal of C&A is to insure that federal agencies put only highly secure systems and applications into production.
Laws for federal departments and agencies mandate C&A; however, private organizations, like XaaS, can also take advantage of C&A methodologies to help mitigate risks on their own information systems and networks. In fact, the majority of the nation's critical infrastructure is on private networks that are not part of any U.S. federal department or agency.
For organizations to achieve C&A certification they must demonstrate due-diligence in mitigating risks and maintaining appropriate security controls. XaaS has not only achieved C&A certification, but has adopted these best practice to support commercial customers, not just Federal agencies.