New Federal Security Policy on the Waygreenspun.com : LUSENET : TB2K spinoff uncensored : One Thread
Federal Computer Week
(fair use blah blah posted 17:15 MST 2000/03/05)
"New federal security policy on the way
BY Dan Verton 03/02/2000
Commercial information security products designed to protect information systems from cyberattacks next year will have to meet strict international standards before government agencies can purchase them.
The new National Information Assurance Acquisition Policy, approved last month by the National Security Telecommunications and Information Systems Security Committee, will be phased in on Jan. 1, 2001, when all government agencies will be "encouraged" to purchase only those products that meet the standards. By Jan. 1, 2002, however, agencies will only be allowed to purchase commercial information assurance products evaluated by accredited national laboratories and that meet internationally recognized assurance standards.
"Information assurance (IA) shall be considered as a requirement for all systems used to enter, process, store, display, or transmit national security information," the policy states. "Effective 1 January 2001, preference shall be given to the acquisition of COTS IA and IA-enabled IT products which have been evaluated and validated."
The standards cited by the new policy include:
* The International Common Criteria for Information Security Technology Evaluation Mutual Recognition Arrangement.
* The National Security Agency /National Institute of Standards and Technology (NIST) National Information Assurance Partnership Evaluation and Validation Program.
* The NIST Federal Information Processing Standard validation program.
The National Security Telecommunications and Information Systems Security Committee is an intergovernmental organization representing 21 agencies. It establishes policy on the security of national security information systems and is chaired by Arthur Money, assistant secretary of Defense for command, control, communications, and intelligence."
-- firefly (email@example.com), March 05, 2000
Hope it does some good, but doubtful. It will only give those script kiddies a new challenge.
damn, why didn't they have computers when I was a young'n!
-- (firstname.lastname@example.org), March 05, 2000.