Security Assessment & Authorization (SA&A) / IT Security



Security Assessment & Authorization (SA&A)

The National Institute of Standards and Technology (NIST) Risk Management Framework (Special Publication 800-37) has created a new model for risk analysis for federal agencies by moving from the traditional Certification & Accreditation (C&A) approach to a Security Assessment & Authorization (SA&A) model – a more real-time, dynamic view of risk. Federal agencies must adapt their current cyber security programs to align with the SA&A model, and focus on identifying security risks throughout the Systems Development Lifecycle (SDLC). We support all aspects of the SA&A model and bring our unique methodologies to each engagement, helping agencies assess their systems’ security posture and make appropriate authorization decisions. We have proven references and we differentiate ourselves from our competitors by bringing real-world attack and exploitation experience. Capricorn supports commercial AND federal agencies’ implementation of the SA&A model by providing these key services:

  • Threat Modeling
  • Security Requirements Analysis
  • Security Architecture and Design Review
  • Application Security Code Reviews & Penetration Testing
  • Web Applications
  • Network and Host
  • Wireless
  • Social Engineering & Enterprise Security Program Assessments

Penetration Testing

A penetration test determines how well your organization's security controls protect your assets from a direct Internet attack. Only a real penetration test by an experienced professional can simulate what would happen if a determined hacker were to attack your organization. With in-depth expertise in attacks and exploits used against mission-critical assets, through monitoring and protecting the networks of thousands of customers, you can use a multi-phase process to find and exploit vulnerabilities in your network.

Many of Capricorn’s Security Division technical staff members and consultants have 20-40 years' experience in evaluating the security of critical systems and in attacking a broad spectrum of targets. We believe that the best way to protect a system is to first understand the system well enough to attack it successfully.

Vulnerability Assessments

An initial part of understanding the vulnerabilities in a system involves a detailed evaluation of the security state of the existing system. Given the inherent complexity of modern systems, use of an automated tool or service makes this examination much more efficient. Capricorn can provide an external assessment of the systems reachable from the Internet, or can place an appliance on the target company's intranet and provide regular assessments of the customer’s assets on the network.

The results of these recurring assessments are immediately available to the customer on a secure web portal. Once the current state of the target system(s) is known, the systems should be brought up to date by updating or patching their software. The evaluation reports provided by Capricorn include web links to any needed patches or upgrades. The reports also include references to comments and other reports on the efficacy and utility of the patches. Although decisions on patching and upgrading are always made by the customer on a case-by-case basis, Capricorn has automated tools available to minimize the staff time required to do the patching and upgrading.

Our team includes CISM, CISA, and CISSP Certified Enterprise Systems Consultants, each with over 25 years of enterprise information systems experience with a security focus in multiple sectors.

  • Security Policy Design, Troubleshooting, Infrastructure Design and Analysis, Process Analysis
  • Intrusion Detection/Prevention Systems, Authentication
  • IT Security Framework Implementation
  • Security as a Service (SaaS)
  • IT Support Delivery Design/Management
  • Security Risk Management
  • Managed Security Services (MSS)
  • IT Privacy

Please Contact us at 678-514-1080 x 2507 or email us at to learn more about this offering.