2018 AFCEA TechNet Asia-Pacific Conference & Expo

TechTalk: "The National Information Assurance Partnership" (Room Iolani 3 & 4)

Approved for 1 CompTIA CEU: A+, Network+, Security+, Cloud+, CySA+, PenTest+, and CASP; 1 GIAC CPE

Today's technology advances and threats necessitate agile and cost-effective approaches to protecting national security systems and information.  The U.S. Government has migrated from the exclusive use of Government Off-the-Shelf (GOTS) products to a mix of Commercial Off-the-Shelf (COTS) and GOTS products for the protection of information within our national security systems (NSS).

The proliferation of COTS Information Assurance (IA) products such as firewalls and intrusion detection systems, as well as IA-enabled products such as operating systems and mobile devices with security attributes, has provided the community of users with a multitude of products to choose from.  All of the products come with their own specific claims relative to the security functions they provide.  In this context, it is important that COTS IA and IA-enabled IT products acquired by U.S. Government NSS departments and agencies successfully pass a standardized evaluation process that provides assurance that claimed security functionality is present and operational.

This is where the National Information Assurance Partnership, or NIAP, comes into play.  Learn about NIAP's program for developing Protection Profiles with security criteria that commercial products are evaluated against and the evaluation methodologies that provide the assurance that products are tested completely and with rigor.

In this session, the speaker will address the following topics related to NIAP and Common Criteria:

  • Benefits for the Government: Protection profiles which assist in specification of functional and assurance requirements.
  • Benefits for Industry:  Predictability of criteria for evaluations.  Support for claims about the security attributes of products.
  • Benefits for Testing Laboratories: Framework against which to evaluate products.
  • Relationship between NIAP evaluations and DISA Security Requirements Guides and Security Technical Implementation Guides.