Showing results for 
Search instead for 
Did you mean: 
Contributor III

FINAL NOTIFICATION FOR END OF PRIMARY SUPPORT (EOPS): Please be advised that this Platform version is no longer supported. Once a product reaches EOPS, RSA Archer Technical Support is no longer available under base support/maintenance agreements.


Extended Support is being offered only for Platform versions 5.5 through 5.5 SP4 through December 31, 2018, to those customers with a current maintenance contract as a prerequisite to an Extended Support purchase. Extended Support does not include Hot Fixes, best effort support only. For questions, please refer to the Product Version Life Cycle.


Contact your local Existing Accounts Manager with assistance in upgrading to a supported 6.x version. Thank you.



Comply with FISMA while improving security

2016_RSA Archer GRC for light backgrounds.png


The assessment & authorization process is at the core of FISMA compliance and is meant to show that each Information System is operating at an acceptable level of risk. The federal IA professional can deploy RSA Archer Assessment & Authorization solution not just as a compliance tool but also as a foundation for a comprehensive Information Assurance Management suite.


The RSA Archer Assessment and Authorization (A&A) solution provides testing and compliance functionality for federal information systems. It is used to assess and authorize information systems so that they can achieve and maintain an authorization to operate (ATO). The solution enables the full cycle of A&A activities defined by all current federal methodologies: National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), DoD Information Assurance Certification and Accreditation Process (DIACAP), DoD RMF and Federal Risk and Authorization Management Program (FedRAMP). The solution can be used to define information system boundaries, categorize them by impact level, and assign appropriate security control sets, including the use of control overlays, defined in the latest revision of NIST 800-53. A&A has a full-featured control assessment application which assigns current, relevant risk metrics as well as a monitoring strategy feature which integrates seamlessly with the RSA Archer Continuous Monitoring solution. Workflows enable approval processes for authorization, risk acceptance, and changes to the authorization package. A comprehensive POA&M management application tracks the risk, progress, and resources associated with every open finding. The solution can export fully populated and properly formatted risk reports, Security Assessment Reports (SARs), System Security Plans (SSPs), and FISMA reports.


The RSA Archer Federal Enterprise Management solution is required for the function of both A&A and CM solutions. This solution serves as the system of record for every person, location, component and tier in an organization, as well as every piece of hardware, software and information asset. The Enterprise solution provides the components with which A&A builds information systems boundaries and also for defining the organization structure for reporting and compliance. Lastly, the solution can assign criticality to missions and business processes and illustrate which information systems are supporting them.


**Please review the release notes for RSA Archer Assessment & Authorization (A&A) and RSA Archer Federal Enterprise Management v2 for more information.



New license is required for RSA Archer A&A solution.  If you have questions or require additional information about licensing, please contact RSA Archer at or call 1-888-539-EGRC.


RSA Archer A&A solution is supported on RSA Archer GRC Platform version 5.5 and higher.