National Information Assurance Partnership: NIAP 2000, Building More Secure Systems for the New Millennium

NIAP Roadmap
- Introduction
- Partnership Objectives
- Program Areas, Activities, and Services
- FY 2000 Projects
- Security Requirements Definition and Testing
- Mutual Recognition
- Education, Training and Outreach Programs
- Summary

Today’s Climate
- Rapidly changing information technologies and compressed technology life cycles
- Growing complexity of IT products and systems
- Increasing connectivity among systems
- Dependence on commercial off-the-shelf IT products and systems
- Need for greater assurance in critical information infrastructures (both public and private sector)

Today’s Challenge
- Consumers have access to an increasing number of security-enhanced IT products with different capabilities and limitations
- Consumers must decide which products provide an appropriate degree of protection for their information systems
- Impact: the choice of products affects the security of systems in the critical information infrastructure

What is Needed?
- Producers of IT products need a better understanding of consumers’ information security requirements
- Consumers of IT products need better ways to:
  - specify desired security features
  - assess the security claims made by producers

Introducing NIAP
- NIAP is a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) to meet the security testing needs of information technology (IT) producers and consumers
- The long-term goal of NIAP is to increase the level of trust consumers have in their systems and networks through the use of cost-effective testing, evaluation and validation programs

Partnership Objectives
- Promote the development and use of evaluated IT products and systems
- Champion the development and use of national and international standards for IT security
- Foster research and development of IT security requirements, test methods, tools, techniques, and assurance metrics
- Support a framework for international recognition and acceptance of IT security evaluation results
- Facilitate the development and growth of a commercial IT security testing industry within the U.S.

Program Areas
- Security Requirements Definition and Specification: How do we tell product developers what types of IT security we want?
- Product and System Security Testing and Evaluation: How do we know if developers produced what we asked for?
- Information Assurance Research: How can we improve the ways we achieve assurance in our products and systems?

Activities and Services
- Operate the Common Criteria Evaluation and Validation Scheme for IT Security
- Maintain lists of approved IT security testing laboratories, validated products, and approved test methods
- Support the International Mutual Recognition Arrangement for IT security evaluations
- Issue Common Criteria certificates for IT products that have been successfully evaluated and validated
- Promote government and industry forums for the development of IT security requirements and specifications

Activities and Services (continued)
- Support information systems security evaluation and assessment programs
- Provide a state-of-the-art, web-based repository of security testing information for IT products and systems
- Sponsor technical classes and workshops for IT product developers, testing laboratories, and consumers
- Collaborate with industry in the research and development of tools, techniques, and methods for IT security testing
- Serve as a general center of expertise and resources for the IT security testing community

NIAP 2000 Projects
- Common Criteria Evaluation and Validation Scheme
- Cryptographic Module Protection Profile Development
- Healthcare Security Forum
- Smart Card Security Forum
- Telecommunications Security Forum
- Common Criteria Tool Box
- Automated Security Testing
- INFOSEC Assessment Program
- Threat and Vulnerability Research
- Security in Open Source Software

Defining Requirements
- ISO Standard: a flexible, robust catalogue of IT security requirements (features and assurances)
- Protection Profiles: consumer-driven security requirements in specific information technology areas, such as Access Control, Identification, Authentication, Audit, Cryptography, Operating Systems, Database Systems, Firewalls, Smart Cards

Industry Responds
- Firewall Security Requirements
- Protection Profile: a consumer statement of security requirements to industry
- Security Targets: vendors’ statements of security claims for their IT products
- Security Features and Assurances
[Diagram: one Protection Profile answered by the Security Targets of Firewall Products 1 through 4]

Automated Tools
- IT Product Security Requirements (helping consumers)
- IT Product Security Specifications (helping industry)

Demonstrating Conformance
- Vendors bring IT products to independent, impartial testing facilities for security evaluation
- Private sector, accredited security testing laboratories (Common Criteria Testing Labs) conduct the evaluations
- Test results are validated by NIAP and a CC certificate is issued
[Diagram: IT Products flow to Common Criteria Testing Labs, which produce a Test Report]

Mutual Recognition
NIAP, in conjunction with the U.S. State Department, negotiated a Common Criteria Mutual Recognition Arrangement that:
- Provides recognition of U.S.-issued certificates by Canada, the United Kingdom, France, Germany, Australia, and New Zealand
- Eliminates the need for security evaluations in more than one country and provides excellent global market opportunities for U.S. IT product vendors

NIAP Testing Advantages
- Specification of security features and assurances based on an International Standard
- Evaluation methodology based on an International Standard, leading to comparability of test results
- Testing laboratory expertise assessed by NIST’s National Voluntary Laboratory Accreditation Program, an internationally recognized program based on international standards
- Quality technical oversight provided by NIST/NSA experts
- Evaluation results recognized by many nations

Education and Training
- Common Criteria Protection Profile Development Classes
- Common Evaluation Methodology Familiarization Classes
- Common Criteria Evaluation and Validation Technical Workshops
- Information Assurance Workshops

Summary
NIAP is helping secure the critical information infrastructure (public and private sectors) by:
- Promoting the development of a commercial security testing industry in the U.S.
- Increasing the security of IT systems through wider availability of evaluated products
- Providing product developers with an opportunity to sell evaluated products in world-wide markets

Contact Information
National Information Assurance Partnership
100 Bureau Drive, Mailstop 8930, Gaithersburg, MD
- Director: Dr. Ron S. Ross, NIST-ITL, (301)
- Deputy Director: Terry Losonsky, NSA-V1, (301)
- Technical Advisor: R. Kris Britton, NSA-V1, (410)
World Wide Web:
Conference Web Site:

First International Common Criteria Conference
May 2000, Baltimore Convention Center, Baltimore, MD
Sponsored by the National Information Assurance Partnership, 100 Bureau Drive, Mailstop 8930, Gaithersburg, MD
World Wide Web: