New federal security policy on the way

Commercial information security products designed to protect information

systems from cyberattacks next year will have to meet strict international

standards before government agencies can purchase them.

The new National Information Assurance Acquisition Policy, approved

last month by the National Security Telecommunications and Information Systems

Security Committee, will be phased in on Jan. 1, 2001, when all government

agencies will be "encouraged" to purchase only those products that meet

the standards. By Jan. 1, 2002, however, agencies will only be allowed to

purchase commercial information assurance products evaluated by accredited

national laboratories and that meet internationally recognized assurance


"Information assurance (IA) shall be considered as a requirement for

all systems used to enter, process, store, display, or transmit national

security information," the policy states. "Effective 1 January 2001, preference

shall be given to the acquisition of COTS IA and IA-enabled IT products

which have been evaluated and validated."

The standards cited by the new policy include:

* The International Common Criteria for Information Security Technology

Evaluation Mutual Recognition Arrangement.

* The National Security Agency/National Institute of Standards and


(NIST) National Information Assurance Partnership Evaluation and Validation


* The NIST Federal Information Processing Standard validation program.

The National Security Telecommunications and Information Systems Security

Committee is an intergovernmental organization representing 21 agencies.

It establishes policy on the security of national security information systems

and is chaired by Arthur Money, assistant secretary of Defense for command,

control, communications, and intelligence.


  • Workforce
    Avril Haines testifies SSCI Jan. 19, 2021

    Haines looks to restore IC workforce morale

    If confirmed, Avril Haines says that one of her top priorities as the Director of National Intelligence will be "institutional" issues, like renewing public trust in the intelligence community and improving workforce morale.

  • Defense
    laptop cloud concept (Andrey Suslov/

    Telework, BYOD and DEOS

    Telework made the idea of bringing your own device a top priority as the Defense Information Systems Agency begins transitioning to a permanent version of the commercial virtual remote environment.

Stay Connected