Internal Revenue Service
HumanTouch has over eight years of experience providing solutions to the IRS. HumanTouch provides the IRS with seasoned, certified personnel, including Certification & Accreditation Professionals (CAP), Certified Information Systems Auditors (CISA), Certified Information Systems Security Professionals (CISSP), Certified Public Accountants (CPA), and personnel with the Certified Government Financial Manager (CGFM) certification. These resources provide subject matter expertise across the security spectrum and understand the sensitive nature of the data and documents collected during the Certification and Accreditation (C&A) process.
Currently, HumanTouch performs C&A on more than 300 IRS General Support Systems (GSS) and applications. We provide NIST-compliant C&A approaches and execute these approaches according to IRS standards. Our personnel are active in the C&A community, and several are trained instructors who have been teaching an array of C&A process courses for the United States Department of Agriculture (USDA)'s Business Graduate School.
HumanTouch performs quality control/reviews of IRS C&A documentation for consistency with the IRS approach/requirements in meeting the intent of Internal Revenue Manuals (IRMs), policies, and NIST standards and guidance. This quality documentation review includes documents created by contractor teams as well as those created by government personnel. The quality documentation review addresses content of the documents, format, and audit defensibility. HumanTouch also works with the IRS by reviewing the findings that result from the evaluation of the C&A package and turning these findings into action items.
For each GSS/application we assess through the C&A process, we create a Security Assessment Report (SAR) that includes an executive summary, a system description, the security assessment results (for both manual and automated testing, as appropriate), all remediation activities, the statement of residual applications and privacy risk (including both the risk-based applications, privacy, E-Authentication, and the inherited common controls from other systems), and an accreditation recommendation. Finally, HumanTouch knows that knowledge transfer is an important part of the C&A process, providing critical information sharing between the documentation team and the ST&E Team for ST&E Plan development and execution.