National security plan calls for security standards

Federal agencies planning information technology procurements will need to incorporate information assurance products, systems and services into major purchases, according to a new national computer security plan announced by President Clinton.

The National Plan for Information Systems Protection called for incorporation of information assurance products into pending procurements while a triad of agencies work to revise procurement regulations to require incorporation of standard cyberprotection products and services. The plan, released on Jan. 12, calls for the General Services Administration, the Defense Department and the Office of Management and Budget — working in conjunction with the National Institute of Standards and the National Security Agency — to develop the information assurance standards and regulations.

NIST and the NSA have already created a framework for these standards with their National Information Assurance Partnership (NIAP). NIAP also has started to accredit commercial laboratories to conduct security evaluations and validations of existing commercial products and systems.

The plan also said the government would adopt a "practical, phased-in approach" to new security products and systems. All government agencies must adopt information assurance standards and practices in their procurements by January 2001.

Featured

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected