Certification & Accreditation Portal

CAP : Two Tools in One

Tool 1: Generate & Manage C&A documents

Producing a C&A package involes a number of manual and tedious steps. CAP enables analysts to automate routine, labor-intensive, error-prone tasks by leveraging scan tools, import facilities, out-the-box mapping and integrates with MS Word, MS Excel and XML. Our average ROI on time and money is 40%.

  • Centrally manage your C&A templates with MS WORD
  • Integrate scan tools; Nessus, CIS, DISA and more
  • Maps vulnerabilities to 800-53 automatically
  • S-CAP compliant; ingest XCCDF and OVAL standards
  • Imports and Exports
  • Excel, XML and delimited files
  • Configurable templates as easy as editing WORD
  • Ensure consistency and elimnate cut & paste
  • Configurable facilities, create Common controls and Custom questions
  • Generate SSP, ST&E, Risk Assessment, Risk Matrix
  • Automate POA&M generation based on custom rules

Tool 2: Enterprise FISMA Management

CAP provides CISOs and managers a real-time monitor of their security posture. Information about which systems have been C&A'd, expired or otherwise. The latest info on POA&MS and receive email alerts before they are overdue. Generate OMB reports instantly. CAP allows you to analyse where the you can allocate resources efficiently to raise your FISMA grade.

  • Real-time dashboard of security posture
  • POA&M management
  • Reports, including OMB reports
  • Email alerts

Download the CAP brochure

How does it save time?

  • All of your agency's static verbiage is centrally managed in the CAP's Admin Console - no more cut & paste.
  • Vulnerability scan tool results are mapped to 800-53 controls out-the-box. Auto-generate OMB FISMA reports in Excel format.
  • Email alerts let you know when C&A's are about to expire and POA&M mitigation is overdue.

How does it cut cost?

  • The CAP eliminates dozens of billable hours of technical writing per C&A package.
  • It also automates a number of C&A steps that are performed by a security analyst.
  • The CAP's Vulnerability Manager component makes filtering scan results a breeze - cutting the time needed from a matter of days to minutes.
  • The CAP is less than half the price of the competition.

How easy is it to use?

  • The CAP does not require extensive training.
  • The templates are created in Microsoft Word - there is no proprietary language to learn.
  • The entire system is web-based and very intuitive
  • no client to install on machines and familiar browser-based interface.

How flexible is it?

  • The CAP will grow along with your agency and NIST requirements.
  • Controls are easily added and maintained through the Admin Console.
  • The CAP is NIST SCAP compatible - the Vulnerability Manager can ingest XCCDF and OVAL test result files from various vendors such as Secure Elements, Threatguard and Symantec.