Sign In   Become a Member
HomeIA ControlsDocumentsC&A DocWriterOrder OnlineSearch
C&A DocWriter
C&A DocWriter Software Toolkit
C&A DocWriter Web Module
Demonstration and Training Videos
Enterprise Level Reports
Licensing and System Requirements
Compare Versions
Purchase Online
Additional Tools
Control Pack Builder
Plan Builder Client
Admin Client
Latest Announcements
C&A DocWriter Free Trial Versions are Now Available
Trial versions of the C&A DocWriter are now available.  Join FISMAcontrols.com for free to download the trial version of the Windows client, or access our demo version of the web module live.
SANS Institute - 20 Critical Security Controls
SANS Institute releases Version 2.3: November 13, 2009 - Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines http://www.sans.org/critical-security-controls/cag.pdf.  
CNSS Instruction No. 1253
Committee on National Security Systems (CNSS) releases Instruction No. 1253 - Security Categorization and Contol Selection for National Security Systems http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf.    
Starpoint Software Announces FISMAcontrols.com Sneak Preview
December 5, 2009
Starpoint Software Inc. is proud to announce the sneak preview of their new Information Assurance control web site - FISMAcontrols.com.  The site will support unlimited free access for this preview period only!
C&A DocWriter is backed by a proven history of commercial software development for science and engineering markets. Since 1994, Starpoint Software Inc. has been developing and marketing and critically acclaimed and commercially successful Windows software applications for the demanding customers in science and engineering. Out customer base ranges from small firms to Fortune 500 companies, from universities to government agencies in over thirty-five countries around the world.

Get Started with No Risk!  Download our C&A DocWriter Windows client free trial version or try our C&A DocWriter Web Module live!

Sign-in now to download the C&A DocWriter Windows client trial version, or try out our special demo version the C&A DocWriter Web Module. Not a member of FISMAcontrols.com? Sign-up now for free access to the C&A DocWriter web module running live in demo mode and free trial downloads.

Download our animated training video on the C&A DocWriter Web Module.

Buy with no risk! This is your chance to test drive all of the features available to you in our web-based Certification & Accreditation toolsuite.

C&A DocWriter® -- Software Suite for Managing C&A and IT Security

C&A DocWriter is a client-server application database for the management of IT security controls and documents for Government Certification & Accreditation, and Private Sector IT Governance, Privacy, and Security Auditing.  Users interact through either a Windows client application, or using a web browser to access the web module which you host on your Microsoft Windows servers.

C&A DocWriter addresses these areas of IT security and the Certification & Accredidation Process:

  • Collaborative Plan Development for System Security Plans and other documents.
  • Tracking Information Assurance controls and test procedures
  • Managing documents of any type
  • Tracking issues that need to be resolved to comply with security requirements
  • Managing recurring tasks
  • Product C&A artifacts such as Plans of Actions & Milestones (POA&M), System identification Profiles, and enterprise level reporting.

 

New:  New NIST 800-53 July 2009 Control Packs are available for low, moderate and high, including enhancements, guidance, and Industrial Control Systems (ICS) guidance.

New:  Download our new animated training movies showing program features and capabilities.

Use C&A DocWriter for the following C&A and IT security applications:

Federal Government IT Governance
DITSCAP 8510.1-M
DIACAP
NIACAP/NIST 800-18 General Support System (GSS)
NIACAP/NIST 800-18 Major Application (MA)
NIST 800-53 and 800-53A Controls including Guidance and Enhancements
JAFAN
NISPOM
C4ISP and ISP
DCID 6/3
FIPS 201 Personal Identity Verification
Army Regulation 25-2 August 3, 2007
NERC CIP Controls
Use C&A DocWriter to:
Create SSAA's and other security plans
Manage Requirements Traceability Matrices (RTMs)
Manage Plans of Actions and Milestones (POA&Ms)
Manage and Document Security Test and Evaluation documents (ST&E).
Manage and implement security controls.

New:  Version 5.0 Now Available!

Version 5.0 Features a New, More Efficient, Database Design Supporting:
Multiple Projects in a Single Database -- Manage all of your C&A data in a single database.
Multiple Systems per Project
Multiple Instances of an IA Control per System -- Track IA controls at any level of granularity.
Multiple Document Plan Templates per System -- Author and Track Multiple SSPs, SSAAs, COOPs, and other documents.
Share IA Controls Among Systems -- Improves management of system boundaries and provides more efficient documentation. 
Predefine Groups of IA Controls -- Build custom groups of controls for improved efficiency and reuse.
Version 5.0 Includes New Utility Programs
New Control Pack Builder utility to build your own packages of custom IA controls.  C&A DocWriter now supports importing IA controls from Microsoft Excel.
New Plan Builder utility to allows you to build and share document plan templates for SSPs, COOPs, and other plans.
New Administration Console consolidates all of your administrative tasks in a separate client.
Version 5.0 New Knowledge Base Minimizes Repetitive Data Entry
C&A DocWriter uses an new IA Control Knowledge Base to minimize repetitive data entry of IA control results.  As users enter data for IA controls, they can quickly browse previous entries for the same or similar controls and with a single button click, duplicate those results.  This minimizes the tedium of documenting control results and enables consistent responses and documentation across systems.
Other Great Features Include:
Generate C&A Artifacts in Word or Excel
Requirements Traceability Matrix
Plan of Actions and Milestones (POA&M)
DIACAP Scorecard
Issue Tracking -- Track issues and actions that need to be addressed to complete your C&A documents and assure compliance with action items.  It's like bug-tracking for the C&A process.
Advanced Search -- Powerful search capability helps you find documents and information. 

Author Security Plans in a Secure, Collaborative Environment

Unique to C&A DocWriter is the powerful hierarchical plan template. This approach allows all users who participate in the C&A process to share information.

The hierarchical plan brings together different users whether they are managers, security officers or testers under one umbrella that produces greater efficiencies and therefore lowers costs for building and managing security plans. Immediate operational and cost containment benefits include:

  • Dramatically shorter time to build a security plan and therefore certify the system
  • Skilled testers can spend less time on plan development and more on high-value testing tasks
  • Managing the plan electronically significantly reduces costs associated with handling, plan updates and storing paper documents
  • Plans are stored in an enterprise database for powerful search capabilities allowing organizations to easily update plans as new security threats emerge or new assets are added.

C&A DocWriter Security

C&A DocWriter allows you to develop security plans and management document under the highest practical security conditions.  C&A DocWriter is suitable for the Department of Defense highest levels of security.  Security features include:

  • Customizable password rules enforce minimum length and special character requirements for password.
  • Roles-based document access restricts documents to particular users.
  • Document version control ensures that only one user at a time can modify a document.
  • Documents are never overwritten with changes.  The entire change history of documents can be access (with the proper permission of course!)
  • User-based permissions control who gets to see or modify what.
  • Every login attempt is logged.
  • Every access to a document is logged.

System Specifications:

  • Desktop application supports Windows 2000, XP (including SP2) and Later
  • C&A DocWriter includes highly customizable security/permissions levels
  • Open database can be integrated with other enterprise systems

C&A DocWriter Database

C&A DocWriter supports the following databases:

  • Microsoft Access (2000 and Later)
  • Microsoft SQL Server (2000 and Later)
  • Oracle (9i and Later)