Cybersecurity Inspection Body Program

Elizabeth CarbonellaAccreditation Manager

March 27, 2019

A Better World Through Accreditation 2019 by A2LA

Introduction Elizabeth Carbonella Accreditation Manager, Inspection Body and Materials Testing Been with A2LA since November 2006 Took over management of the Inspection Body program in June 2016 B.A. in Mathematics from Eastern University in PA

3/28/2019 2

A Better World Through Accreditation 2019 by A2LA

Who is A2LA?American Association for Laboratory Accreditation

Established in 1978 Largest U.S. multi-discipline Conformity Assessment Body (CAB)

Accreditation system 3300+ CABs (certificates) currently accredited 5th largest accreditation body in the world Non-profit, non-government (Impartial and Independent) ILAC MRA-signatory

3/28/2019 3

A Better World Through Accreditation 2019 by A2LA

Benefits of Accreditation Takes away administrative burden from specifiers/regulators Confirmation of competency for specific tasks Consistency Between specifiers/regulators Accredited organizations

3/28/2019 4

A Better World Through Accreditation 2019 by A2LA

Specifiers of Accreditation Federal Government: EPA, FAA, FCC, NAVSEA, NIST, NELAP (EPA),

NRC, NIST/NVCASE, GSAAerospace Industry: Boeing, General Electric, Hamilton

Sundstrand, Pratt & Whitney Bluetooth Cellular Telephone & Internet Association (CTIA)

3/28/2019 5

A Better World Through Accreditation 2019 by A2LA

How did we get involved? FedRAMP Program started in 2014 Work closely with the PMO Confirm FedRAMP requirements are met

3/28/2019 6

A Better World Through Accreditation 2019 by A2LA

Cybersecurity Inspection Body Program Third-party accreditation offers an independent review of an

organization’s compliance to both: ISO/IEC 17020 (Requirements for the operation of various types of

bodies performing inspections) and Technical program requirements for the desired scope of accreditation

(I.e. SOC II, HIPAA/HITECH, PCI, etc.)

Organizations in this program are known as Independent Assessment Organizations (IAOs)

3/28/2019 7

A Better World Through Accreditation 2019 by A2LA

Baltimore Cyber RangeA2LA has partnered with the Baltimore Cyber Range (BCR)

(https://www.baltimorecyberange.com/) to administer a Technical Proficiency Activity This is meant to simulate a real engagement by identifying system

implementation and configuration non-compliance issues

As an IAO, you are required to send ONE team through the exercise annually

3/28/2019 8

A Better World Through Accreditation 2019 by A2LA

Market Needs

3/28/2019 9

A Better World Through Accreditation 2019 by A2LA

NISTWorking to educate government agencies on the third party,

private sector options to support their efforts

Providing documents and guidance on the available standards and the benefits of accreditation NIST Special Publication 2000-01 “ABC’s of Conformity Assessment” NIST Special Publication 2000-02 “Conformity Assessment Considerations for Federal

Agencies”

3/28/2019 10

A Better World Through Accreditation 2019 by A2LA

Questions?

3/28/2019 11

A Better World Through Accreditation 2019 by A2LA 3/28/2019 12

Contact InformationA2LA

5202 Presidents CourtSuite 220

Frederick, MD 21703

301 644 3248 Main301 662 2974 Fax

info@A2LA.org

www.A2LA.org

2019 by A2LAAll rights reserved. No part of this document

may be reproduced in any form or by any means without the prior written permission of A2LA.

A Better World Through Accreditation