NCSA to certify Web sites
- By Sari Kalin
- Aug 18, 1996
NEW YORK - The National Computer Security Association (NCSA) recently announced a World Wide Web site certification program to help assure Web users and Web site administrators that sites are secure from hackers and invasions of privacy.
NCSA officials said the program is intended to give Webmasters confidence that their site will not be susceptible to hackers to give Internet service providers a tool for convincing customers that Web sites will be secure and to convince consumers that it is safe to give out credit card numbers over the Web.
In order to get an NCSA certification a Web site must be secured by a firewall an encryption mechanism must be used for sensitive data transmission and pages that have or accept sensitive data must be noncacheable. Users must be informed or given an opportunity to leave the site before it takes any user information and the server has to be physically secure and have access controls and backup procedures in place.
NCSA estimates that the cost for Web site certification will be $8 500 for a typical corporate Web site. There will be an animated logo on sites that obtain certification and from that users will be able to click to the NCSA site where there will be a list of all certified sites.
NCSA's concern is not just consumer business over the Web but also business-to-business transactions involving sensitive information such as personnel or medical records.
"What we're trying to do is remove the primary barrier to business on the Internet " said Peter Tippett president of NCSA based in Carlisle Pa. "and make it feel like a better place not just be a better place."
The certification program includes remote as well as on-site testing. NCSA will test encryption Java applets physical security and back-end security.
NCSA can be reached on the Web at www.ncsa.com.