FAA puts Common Criteria to work

Officials at the Federal Aviation Administration had been aware of Common Criteria for years, but it was not until Marshall Potter joined the staff in 2000 as chief scientist for information technology in the chief information officer's office that the work really got started.

In January 2001, Potter launched an effort to apply Common Criteria to the management of the National Airspace System (NAS). Using Common Criteria, the FAA has created a template to help define the security requirements in the solicitations for each piece of this "system of systems," Potter said.

"The whole intent is to get complete and understandable requirements for the systems," said Joe Veoni, principal information security engineer in the communications and information systems department of Mitre Corp.'s Center for Advanced Aviation System Development. Mitre, a nonprofit organization that performs federally funded research, is part of the team working on the NAS protection profile template.

This approach made more sense than simply replicating the Defense Department mandate for national security organizations, Potter said.

In the national security community, priorities include maintaining confidentiality and controlling access to information. Most civilian agencies' top priorities are ensuring the integrity and availability of information. The different priorities require different approaches when it comes to defining security requirements, Potter said.

"There are those of us who need trusted systems, but we're not focused on security. We're focused on mission," he said.

Potter's team evaluated the threats to NAS and outlined the system's high-level security requirements — such as high integrity and high availability — and matched them up with the Common Criteria standard to develop the template. The team then brought in FAA program managers and acquisition officials to help make sure the template could be understood and used by the people who would actually be developing the solicitations.

The FAA released Version 1 of its template in March and is testing it on two project solicitations — the next version of the Controller Pilot Data Link wireless communications system and the En Route Automation Modernization program.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.