Accreditation to Assessment & Authorization
TWM Associates, Inc. (TWM) is a Cybersecurity, IT Audit, and Information Assurance (IA) firm that has been providing Security Assessment & Authorization (SA&A) support since our founding in 1991.
Because TWM contributed to the original Department of Defense (DoD) SA&A process, which evolved into the National Institute of Standards and Technology (NIST) 800-37 SA&A for Federal Systems, TWM is intimately familiar with all aspects of SA&A: from the policy perspective, through implementation on the program side, to evaluation of the SA&A from an accreditor or Office of Inspector General (OIG) perspective.
What is more interesting, however, is that TWM has contributed to the NIST Risk Management Framework (RMF), which rewrites NIST 800-37. TWM approaches SA&A/RMF support as a holistic process that is constantly being evaluated based on activities in the field and the recommendations of those programs being certified. TWM has evolved this process over many years and thousands of SA&As, and continues to evolve it with every assignment.
TWM has developed Security Assessment and Security Testing processes that are tailorable, repeatable, and predictable, regardless of the size of the system, and works with our customers to scope activities based on the appetite for risk and the implemented risk acceptance structure of the organization. TWM also works with entities to help ensure that SA&A/RMF is incorporated at the forefront of system acquisition and throughout system development.