Accreditation to Assessment & Authorization
TWM Associates, Inc. (TWM) is a Cyberecurity, IT Audit, and Information Assurance (IA) firm that has been providing Assessment & Authorization (A&A) support since our founding in 1991.
As TWM contributed to the original Department of Defense (DoD) A&A process which evolved into the National Institute of Standards and Technology (NIST) 800-37 A&A for Federal Systems, TWM is intimately familiar with all aspects of A&A, from a policy perspective, through to implementation on the program side, to evaluation of the A&A from an accreditor or inspector perspective. What is more interesting, however, is that TWM has contributed to NIST Risk Management Framework (RMF) which re-writes NIST 800-37. TWM approaches A&A/RMF support as a holistic process that is constantly being evaluated based on activities in the field and the recommendations of those programs being certified. TWM has evolved this process over 24 years and thousands of A&As, and continues to evolve it with every assignment. TWM has developed Assessment and Security Testing processes that are tailorable, repeatable, and predictable, regardless of the size of the system, and works with our customers to scope activities based on the appetite for risk and the implemented risk acceptance structure of the organization. TWM also works with entity’s to help ensure this A&A/RMF is encompassed at the forefront of system acquisition and throughout system development.