DATA SHEET RSA ARCHER ® ASSESSMENT & AUTHORIZATION USE CASE FOR PUBLIC SECTOR SOLUTIONS


THE CHALLENGE

The federal community has struggled for years to meet basic FISMA (Federal Information Security Management Act) reporting and OMB (Office of Management and Budget) compliance requirements. Budget constraints have created reactive, just-in-time responses to these resource-intensive activities. Attention is focused only on the Authorization to Operate (ATO) and Plan of Action & Milestones (POA&M) expiring next, and migration to new control catalogs is often postponed as long as possible. Agencies have basic defect identification and remediation capabilities but assess their controls infrequently because they have no in-house assessment resources. This situation creates a constant budget issue because organizations have to hire costly outside vendors and fund just one or two assessments in advance. Compliance and expiration dates drive decisions more than real risk metrics, while organizations also need to contemplate how to comply with the latest continuous monitoring (CM) requirements.

There have been many negative results from this FISMA and OMB compliance paradigm over the years: Security artifacts and metrics are often out of date or incomplete. Inefficient and duplicate efforts cause unneeded stress on staff and further strain budgets, resulting in limited visibility and accountability in addressing known risks. Issues fall through the cracks, deadlines are missed and security vulnerabilities remain open.

OVERVIEW

RSA Archer® Assessment & Authorization (A&A) allows the organization to assess and authorize all new information systems before they go into production to ensure they are operating at an acceptable level of risk. It gives the authorization team the tools and capabilities to define authorization boundaries, allocate and assess controls, assemble authorization packages, make informed authorization decisions, and determine whether each information system stays within acceptable risk parameters. RSA Archer A&A allows organizations to comply with FISMA and OMB requirements while improving security. This use case also integrates with RSA Archer Continuous Monitoring to provide a true Ongoing Authorization (OA) capability.

With RSA Archer Assessment & Authorization, you can more effectively identify, manage and mitigate issues, including common (inherited) control management. These capabilities enable organizational resources to be more productive in their role by eliminating bottlenecks and inefficient manual processes. Reporting and authorization artifacts can now be automatically updated, providing senior executives and business owners with accurate, real-time data so that they can make better-informed business decisions, maintain organizational compliance and proactively enact effective security measures.


KEY FEATURES

• Authorization boundary definition
• Electronic signatures and PIN authorization enable digital signatures and signature tracking
• Clear and justified security categorization
• Customized control allocation and assessment
• Authorization package creation and approval workflow
• Informed authorization decision-making and issue remediation (POA&M)
• Monitoring strategy and Ongoing Authorization (OA)

KEY BENEFITS

RSA Archer Assessment & Authorization provides:

• Savings in labor hours
• More informed decision-making and greater assurance in decisions
• Expedited approval of records and signature tracking throughout the record lifecycle
• Improved controls tracking across the organization
• Reduction of overall IT and security risk


©2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo, are registered trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice. 07/18, Data sheet, H4818-2 W142112

FOR MORE INFORMATION

To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller—or visit us at rsa.com. If you are an existing RSA Archer customer and have questions or require additional information about licensing, please contact RSA Archer at [email protected] or call 1-888-539-EGRC.