About the author
Keith Frederick, BS EE, M.B.A., CISSP, CAP, CRISC has more than 35 years of information systems assessment experience, including over 25 years of information assurance, Certification and Accreditation (C&A), Risk Management Framework (RMF) and Federal Information Security Management Act (FISMA) work, with a proven record of success as a Security Control Assessor (SCA) and an information system security engineer. Hands-on experience includes hundreds of systems’ security control assessments, information systems development, systems analysis and design, key management services, programming, program design, as well as preparation in resource planning, programming, budgeting, and project management.
• Developed and taught numerous Information Assurance classes, from C&A and Network Security to Practical Information Assurance and many others.
• Invented, developed and implemented a tool that automates the production of security documentation, reports and continuous monitoring throughout a system’s lifecycle. The RMF Security Lifecycle tool is Cyber Profile™ (CP™).
• Invented, developed and implemented a tool that helps users with the C&A workflow and documentation. Made standard throughout the Department of Homeland Security. The C&A tool is Risk Management System™ (RMS™).
• Invented, developed and implemented a tool for Enterprise Vulnerability Management™ (EVM™), procured by the Office of Management and Budget (OMB) and made a standard.
• Invented, developed and implemented a tool for Total Enterprise Security Service™ (TESS™), an arrangement of ten security databases, which was sold to security professionals. Procured by many organizations throughout the Federal Government.
• Supported NIST’s security working group, providing edits and comments for the development of NIST Special Publication 800-37, “Guide for the Security Certification and Accreditation of Federal Information Systems” (2004), and NIST SP 800-37 Rev 1, “Guide for Security Authorization of Federal Information Systems, A Security Life Cycle Approach” (2010).
• Member of the task group that reviewed and commented on the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) (1997) and the DoD Information Assurance Certification and Accreditation Process (DIACAP) (2006).
• Authored Air Force System Security Instruction (AFSSI) 5024, Volumes 1-4, "The Certification and Accreditation (C&A) Process" (1996). This was the first official government document standardizing the C&A process.
• Authored and presented a nationally published paper on an approach for accomplishing certification and accreditation (C&A) of information systems at the 16th National Computer Security Conference, hosted by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), and again at the Standard System Center Conference hosted by the Air Force Standard System Center (1993).