NIAP chief touts Common Criteria

Officials at the National Information Assurance Partnership have effectively raised the level of security in many information technology products used by the government, the security group's director said today.

The aim of NIAP, an initiative of the National Institute of Standards and Technology and the National Security Agency, is to increase the level of trust users have in their information systems through the use of security testing, evaluation and validation programs. To that end, NIAP officials are responsible for implementing the Common Criteria Evaluation and Validation Scheme, a rigorous set of security tests that adhere to international standards. NIAP officials provide technical guidelines to eight commercial laboratories which conduct the tests.

Statistics gleaned from the labs' Common Criteria work indicate that the testing is improving security, said Jean Schaffer, director of NIAP. Schaffer spoke during a session at a Federal Information Assurance Conference held this week at the University of Maryland.

So far, 100 percent of the products evaluated have been approved, she said. The testing directly improved 30 percent of the products tested by eliminating security flaws that could have been exploited by attackers. About 40 percent of the products evaluated were improved by the addition or extension of security features, Schaffer said.

Critics say Common Criteria testing costs too much and takes too long, but Schaffer argued that these claims are made by those who do not have firsthand knowledge about the testing. Feedback from the labs shows that testing for Evaluation Assurance Level (EAL) 2 — the minimum level of security, which includes products such as firewalls, intrusion-detection systems, routers and switches
