NSA IA-CMM Rating
SRA has been rated by the National Security Agency (NSA) to conduct information security (INFOSEC) assessment services. SRA has received an INFOSEC Assessment Capability Maturity Model (IA-CMM) version 3.1 rating. This rating helps organizations select qualified providers to assess the security of their information systems.
The NSA rating profile is a direct application of the Continuous Appraisal Method using IA-CMM to measure the maturity of the INFOSEC processes performed within an organization. Only four companies, including SRA, have been appraised and rated in nine different process areas against the more rigorous IA-CMM version 3.1. This achievement in information assurance complements SRA’s Software Engineering Institute Capability Maturity Model® Integration (CMMI®) level 3 rating under the standards established by the Software Engineering Institute. CMMI demonstrates best practices in project management and software and systems engineering.
SRA’s “merging of NIST (National Institute of Standards and Technology) and NSA requirements” as well as other tools and methods were cited by the appraisers as best practices. SRA was initially appraised by the NSA in 2001 and currently maintains a staff of almost 200 information assurance professionals, of which over 50 are INFOSEC Assessment Methodology (IAM) certified and over 30 are INFOSEC Evaluation Methodology (IEM) certified.