National Information Assurance Partnership

National Information Assurance Partnership

The National Information Assurance Partnership (NIAP) is a United States government initiative to meet the security testing needs of both information technology consumers and producers that is operated by the National Security Agency (NSA), and was originally a joint effort between NSA and the National Institute of Standards and Technology (NIST).

Contents

Purpose

The long-term goal of NIAP is to help increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and validation programs. In meeting this goal, NIAP seeks to:

  • Promote the development and use of evaluated IT products and systems
  • Champion the development and use of national and international standards for IT security
  • Foster research and development in IT security requirements definition, test methods, tools, techniques, and assurance metrics
  • Support a framework for international recognition and acceptance of IT security testing and evaluation results
  • Facilitate the development and growth of a commercial security testing industry within the U.S.

Services

NIAP Validation Body

The principal objective of the NIAP Validation Body is to ensure the provision of competent IT security evaluation and validation services for both government and industry. The Validation Body has the ultimate responsibility for the operation of the CCEVS in accordance with its policies and procedures, and where appropriate: interpret and amend those policies and procedures. The NSA is responsible for providing sufficient resources to the Validation Body so that it may carry out its responsibilities.

The Validation Body is led by a Director and Deputy Director selected by NSA management. The Director of the Validation Body reports to the NIAP Director for administrative and budgetary matters and to NSA certificate-issuing authorities for CCEVS related operational matters. In general, the Director and Deputy Director serve a two-year term of service. This term of service may be extended at the discretion of NSA management. There are also a significant number of technical and administrative support personnel required to provide a full range of validation services for the sponsors of evaluations and the Common Criteria Testing Laboratories (CCTL). These personnel include validators, technical experts in various technology cells, and senior members of the technical staff and the IT security community on the oversight board.

The Validation Body ensures that appropriate mechanisms are in place to protect the interests of all parties within the CCEVS participating in the process of IT security evaluation. Any dispute brought forth by a participating party, (i.e., sponsor of an evaluation, product or Protection Profile developer or CCTL), concerning the operation of the CCEVS or any of its associated activities shall be referred to the Validation Body for resolution. In disputes involving the Validation Body, NSA management will attempt to resolve the dispute through procedures agreed upon by the two organizations.

External links


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • National Information Assurance Partnership (NIAP) — The National Information Assurance Partnership (NIAP) is a United States government initiative to meet the security testing needs of both information technology consumers and producers which is operated by the National Security Agency (NSA) and… …   Wikipedia

  • National Information Assurance Certification and Accreditation Process — The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information …   Wikipedia

  • Information assurance — (IA) is the practice of managing information related risks. More specifically, IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non… …   Wikipedia

  • Information security professionalism — is the set of knowledge that people working in Information security and similar fields (Information Assurance and Computer security) should have and eventually demonstrate through certifications from well respected organizations. It also… …   Wikipedia

  • Evaluation Assurance Level — The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. The increasing… …   Wikipedia

  • National Security Agency — NSA redirects here. For other uses, see NSA (disambiguation). For the Bahraini intelligence agency, see National Security Agency (Bahrain). National Security Agency Agency overview …   Wikipedia

  • Information Resources Management College — Infobox University name = Information Resources Management College established = February 24, 1893 motto = A Global Learning Community for the World s Most Promising Leaders type = Government Institution Director = Robert D. Childs city =… …   Wikipedia

  • National Incident Management System — NIMS redirects here. For other meanings see Nims. The National Incident Management System (NIMS) is emergency management doctrine used nationwide to coordinate emergency preparedness and incident management and response among the public (Federal …   Wikipedia

  • Information Trust Institute — labbox laboratory= Information Trust Institute (ITI) seal establishment=2004 focus=Information Security director= William H. Sanders location=Urbana, Illinois affiliation=UIUC website=iti.uiuc.edu History The Information Trust Institute (ITI) was …   Wikipedia

  • National Instistute of Statistics and Applied Economics — National Institute of Statistics and Applied Economy Formation Center Of Engineers in Statistics Works Established 1961 Type Public …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”