Regs set for security

Commercial information security products designed to protect information

systems from cyberattacks next year will have to meet strict international

standards before government agencies can purchase them.

The new National Information Assurance Acquisition Policy will be phased

in on Jan. 1, 2001, when all agencies will be encouraged to purchase only

those products that meet the standards. The National Security Telecommunications

and Information Systems Security Committee, which establishes policy on

the security of national security information systems, approved the policy

last month.

After Jan. 1, 2002, agencies will be allowed to purchase only commercial

information assurance products evaluated by accredited national laboratories

and that meet internationally recognized assurance standards.

The policy document suggests agencies that operate non-national security

systems may want to purchase only accredited products in the future as a

means to comply with Presidential Decision Directive 63, which requires

agencies to protect critical computer systems.

Government and commercial information assurance products purchased before

the effective dates are exempt. Requests for waivers must be made through

the National Security Agency.

The standards cited by the new policy include:

* The International Common Criteria for Information Security TechnologyEvaluation

Mutual Recognition Arrangement.

* The National Security Agency/National Institute of Standards andTechnology

(NIST) National Information Assurance Partnership Evaluation and Validation

Program.

* The NIST Federal Information Processing Standard validation program.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.