National security plan calls for security standards

Federal agencies planning information technology procurements will need to incorporate information assurance products, systems and services into major purchases, according to a new national computer security plan announced by President Clinton.

The National Plan for Information Systems Protection called for incorporation of information assurance products into pending procurements while a triad of agencies work to revise procurement regulations to require incorporation of standard cyberprotection products and services. The plan, released on Jan. 12, calls for the General Services Administration, the Defense Department and the Office of Management and Budget — working in conjunction with the National Institute of Standards and the National Security Agency — to develop the information assurance standards and regulations.

NIST and the NSA have already created a framework for these standards with their National Information Assurance Partnership (NIAP). NIAP also has started to accredit commercial laboratories to conduct security evaluations and validations of existing commercial products and systems.

The plan also said the government would adopt a "practical, phased-in approach" to new security products and systems. All government agencies must adopt information assurance standards and practices in their procurements by January 2001.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

Stay Connected