Security focus shifts to systems

NIAP Common Criteria Evaluation and Validation Scheme

In its third year, a joint civilian/defense information assurance program is shifting its focus from the certification of products to helping agencies secure their systems.

Through the National Information Assurance Partnership, the National Security Agency and the National Institute of Standards and Technology had set up an accrediting system for laboratories to follow to certify security products under an international standard — the Common Criteria Evaluation and Testing Scheme.

"Now we're going to be turning our attention to the system-level problems," said Ron Ross, director of the NIAP, at the National Information Systems Security Conference in Baltimore on Monday.

The NIAP has been helping agencies develop "protection profiles," a set of security requirements that vendors follow to adapt a product to an agency's needs. Until now, those protection profiles have been only for products such as software and appliance-based firewalls.

But now the NIAP is helping to develop protection profiles for systems and services. One such project involves the health care industry, which needs to meet federal security requirements set forth in the Health Insurance Portability and Accountability Act of 1996.

The Health Care Security Forum project at the NIAP is working with members of the health care community to define security needs and determine how a protection profile and the Common Criteria can help the health care sector comply with HIPAA, said L. Arnold Johnson, project leader at the NIAP.

Already, many of the top health care user organizations have joined to support the project, which will include requirements for systems to provide traceable and documented evidence that they are meeting HIPAA policies, Johnson said.
