Letter to the editor

Following are responses to an FCW.com poll question that asked: "Should security services vendors be certified before they can sell to the government?"

Presently, there are no universal standards for certification of security service products, as you have the Federal Information Processing Standards, Common Criteria and International Organization for Standardization standards for which security products must be certified.

Until there are agreed-upon standards that companies can use to certify their products at reasonable prices and in reasonable timeframes, I vote no as it would, in my view, stifle security product development tailored toward government threats and vulnerabilities.

Harry Krimkowitz
IMSI

***

Computer software and hardware should absolutely be required to be certified. My fear is that the U.S. government will create a massive, time-consuming, Byzantine review process when there are plenty of respectable third-party review processes already in effect for most security-related products, such as TruSecure Corp.'s certification described in a CIO magazine article, "Stamps of Approval."

Preston Chrisman
Computer Associates Inc.

WRITE US

We welcome your comments. To send a letter to the editor, use this form.

Please check out the archive of Letters to the Editor for fellow readers' comments.

Featured

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected