Review of the National Information Assurance Partnership (NIAP)

Larsen, Gregory N.; Burton, J. K.; Cohen, Patricia A.; Harvey, Rick A.; Meeson, Reginald N.; Nash, Michael S.; Nash, Sarah H.; Schneider, Edward A.; Simpson, William R.; Stytz, Martin R.; Wheeler, David A.

Review of the National Information Assurance Partnership (NIAP)

Active / Technical Report | Accession Number: ADA485024 |

Open PDF

Abstract:

This study was mandated by the National Strategy to Secure Cyberspace which requires the federal government to conduct a comprehensive review of the National Information Assurance Partnership NIAP to determine the extent to which it is adequately addressing the continuing problem of security flaws in commercial software products. The NIAP is a joint effort of the National Institute of Standards and Technology NIST and the National Security Agency NSA to provide technical leadership in the research and development of security-related information technology test methods and assurance techniques. The study reviewed the policy and requirements for cybersecurity, the current structure and functionality of the NIAP, and the expectations of the stakeholders. The study developed issues and recommendations and provided several options for pursuing cybersecurity programs that include all the elements necessary to establish an efficient and functional operational capability to strengthen the security of the software used in US systems and commercial software products.

Author(s):

Larsen, Gregory N. ; Burton, J. K. ; Cohen, Patricia A. ; Harvey, Rick A. ; Meeson, Reginald N. ; Nash, Michael S. ; Nash, Sarah H. ; Schneider, Edward A. ; Simpson, William R. ; Stytz, Martin R. ; Wheeler, David A.

Author Organization(s):

INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA

Descriptive Note:

Final draft

Supplementary Note:

Task BC-5-2382. The original document contains color images.

Pagination:

0284

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

IDA-P-4009, IDA/HQ-05-000750/2

Contract/Grant Number(s):

DASW01-04-C-0003, W74V8H-05-C-0042

Monitor Series:

05-000750/2, OASD(NII)DC

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_5.3.2_Apply Situational Understanding; JCA_5.3.3_Develop Strategy; JCA_7_Protection; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_6_Net Centric; JCA_5.5_Direct; JCA_6.4.1_Secure Information Exchange; JCA_5.5.1_Communicate Intent and Guidance; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_3_Force Application; JCA_3.2_Engagement; JCA_3.2.2_Non-Kinetic Means; JCA_5.3.1_Analyze Problem; JCA_8_Building Partnerships; JCA_1_Force Support

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*INFORMATION ASSURANCE, HOMELAND SECURITY, SOFTWARE TOOLS, INFORMATION SECURITY

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

*NIAP(NATIONAL INFORMATION ASSURANCE PARTNERSHIP), CYBERSECURITY, CYBERSPACE

Report Date:

2005 Jan 01

Creation Date:

2008 Aug 27