Skip to Content

System and Software Accreditation

MERC has extensive experience developing accreditation packages to obtain the highly coveted Authority to Operate for traditional or airborne systems or networks in classified or unclassified environments.  We have been successful supporting multiple Air Force approving officials and information system owners since the inception of formal accreditation.

MERC has the technical expertise to implement the assessed National Institute of Standards and Technology’s (NIST) control sets or Center for Internet Security (CIS)-based benchmarks on any network or enclave. We have developed policies, procedures, and supporting evidence including manual and automated test scripts.  We can provide vulnerability assessments and remediation as well as penetration testing in order to assess and further document network security.  Finally, most ATO packages require a threat assessment which is used to inform control selection, MERC has provided threat-based risk assessments based on intelligence data.