NIST LEADS EFFORT TO UPDATE AND STANDARDIZE CERTIFICATION PROCEDURES IN THE FEDERAL GOVERNMENT

Under the auspices of the National Information Assurance Partnership (NIAP), NIST hosted an Information Assurance Technology Framework Forum on system certification and accreditation in January 2001. The forum brought together more than 450 government and industry participants worldwide to discuss common technical approaches to IT system certification and accreditation. Presenters included government organizations, insurance and auditing organizations, and producers of IT products and systems. The forum featured state-of-the-art tools and techniques for supporting certification activities and provided selected case studies from organizations that have conducted successful certifications.

The process of certification can help provide needed information to accreditation authorities and can affect the ultimate security of IT systems and networks. The certification process provides a well-defined set of activities to manage the security of an IT system throughout its life cycle--from the initial requirements definition phase to the acquisition and procurement phase to the final installation and maintenance phases. With regard to security, the successful certification process helps IT professionals understand what their IT security requirements are, how to obtain the needed IT system and field it successfully, what the IT system actually does when in operation, and how to maintain the security of the installed IT system.

NIST will take a leadership role within the Federal Government in this area by updating its current Federal Information Processing Standard (FIPS) 102, "Guidelines for Computer Security Certification and Accreditation," with inputs from public and private-sector organizations and by the development of more standardized, measurable techniques for assessing the security aspects of IT systems. The objective is to eliminate conflicting and duplicative certification procedures within the government and to obtain consistent application of certification processes across federal agencies. For more information, see http://niap.nist.gov.