IA Policy and Compliance Certified Specialist - C&A I or II

Huntsville, AL
Dec 16, 2016
Mar 22, 2017
Full Time

IA Policy and Compliance, IA Certification and Accreditation Specialist

Locations: Huntsville, AL, Portland, OR, Vicksburg, MS



The IA Certification & Accreditation Specialist coordinates the administration and maintenance of several C&A packages in various states of completion, including some systems seeking their initial accreditation. Responsibilities include corresponding with the customer to determine system accreditation needs and scheduling, examination of system design and integration to support building an accreditation package, liaising with all IA specialists to support system scanning and checklist execution, and documenting the status, mitigation and/or remediation of any identified security findings.

Other responsibilities include documenting and assessing system configuration changes for security implication, providing periodic assessments, certification status and required reporting, and the maintenance of all required documentation while the system remains in active service. In addition, the position requires overseeing and working with Technical Writing experts in the development of the total ATO Package.

MAJOR JOB ACTIVITIES:

  • Submit proposed updates to the accreditation boundary Authority to Operate.

  • Provide programmatic and technical support for all weekly Certification Solution Review (CSR) and weekly Integrated Certification Solution Review (ICSR) meetings.

  • Prepare a meeting agenda for submittal to the Government.

  • Track and present outstanding DIACAP (or successor certification and accreditation requirements) Packages by phase, including expiring accreditations, and the resolution of issues impacting those Packages.

  • Prepare and coordinate Operational Impact Statements on all DIACAP packages in jeopardy of not being completed by the current accreditation termination date (ATD).

  • Produce and provide C&A related information, including detailed location topology drawings and other documentation such as the SIPRNet and NIPRNet Connection Questionnaire required by DISA for Interim Authority to Connect (IATC) and Authority to Connect (ATC).

  • When implemented by DoD, meet all requirements and timelines for transition to the Risk Management Framework (RMF).

  • Consolidate DIACAP (or successor certification and accreditation requirements) Package documentation in accordance with DoD and DA security policies and requirements. (CDRL A023 - DoD Information Assurance Certification and Accreditation Process Package)

  • Conduct C&A testing in accordance with the DIACAP Implementation Plan (DIP) and other Government provided test plans.

  • Verify automated systems comply with security requirements and are accredited by the Operational Designated Approving Authority (ODAA) and the DAA Command, Control, Communications, and Computers prior to operating in the production environment.

  • Support, in a non-evaluating capacity, the Government in its role of DIACAP Validator in conducting site visits, IA Manager (IAM) interviews, as well as Security Test and Evaluations using Government provided test plans, building walkthroughs, and physical security inspections and room certifications.

  • Submit portions of DIACAP Package documentation that are under control of the Contractor to the Government no later than 60 days prior to impact date (date required to maintain or attain ATO or ATC). (CDRL A023 - DoD Information Assurance Certification and Accreditation Process Package)

    i. Run tests no earlier than four months prior to package submission.

    ii. Upload results to the IA Tracking Status (IATS) or available C&A tool.

  • Provide the Government architecture documentation, risk assessments, and risk mitigation plans to support DIACAP (or successor certification and accreditation requirements) accreditation.

  • Populate C&A templates per DIACAP (or successor certification and accreditation) requirements.


General Office Equipment


General office environment.


Lifting up to 15 lbs unassisted.


Education/Certifications: One year related experience may be substituted for one year of education, if degree is required.

  • Minimum CASP Information Assurance Certification required.

  • Minimum of 6 years' experience with DoD IA support; expertise with DIACAP (C&A) process.


  • Proven working experience in technical writing in an Information Assurance security related field.

  • Ability to deliver high-quality documentation, paying attention to detail.

  • 3-6 years' experience in the Certification and Accreditation aspect of Information Assurance.

  • Experience with eMASS, ACAS, and HBSS Policy Editor/SCAP tool required.

  • Candidates must have a demonstrated level of expertise performing these duties within the Information Assurance community; previous specific Cyber Security experience a plus.

  • In-depth knowledge of IA policies and regulations required. Must have IA experience with various operating systems.

  • Experience applying operationally focused Security Technical Implementation Guides (STIG).

  • Must have experience with and a strong understanding of networking fundamentals.


  • Information Assurance Vulnerability Management (IAVM)

  • Technical writing capabilities.

  • Ability to communicate well with coworkers and customers.

  • Strong understanding of DoD IA requirements.

  • Retina Scan tool (or other IA scanning tools)