CygnaCom enters certification work

CygnaCom Solutions officials announced today that they will begin offering security certification and accreditation (C&A) services as they expand their information security services and consulting business.

Demand for C&A services is projected to increase because federal agencies are legally required to complete periodic security C&A procedures for every major information system they use.

"I can't give you exact numbers, but we see it growing fairly quickly," said Peter Bello, president of CygnaCom.

The company, which has been in the information assurance services and consulting business since 1994, also operates two government-accredited labs for testing security products against the Common Criteria standards and Federal Information Processing Standard 140-2.

"We're building on our security expertise," Bello said. In the past six months, the company also has added new employees who have previous C&A testing and auditing experience, he said.

In cases where CygnaCom has worked with a federal agency to build and install security systems, the company would not offer to perform C&A testing to avoid a conflict of interest, Bello said.

Under guidelines and a grading system that Bush administration officials use to enforce the Federal Information Security Management Act of 2002, many federal agencies lose points because they have not met the law’s C&A requirements.