|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: [IDS] IDS Common Criteria
Date: Tue Jan 07 2003 - 18:49:52 EST
At 11:00 PM 1/7/2003 +0000, Talisker wrote:
>Sadly within the public sector installing an IDS isn't merely a question of
You've hit the hidden nail pretty close to its head. The U.S Government
public sector now requires significant Certification and Accreditation (C&A)
efforts for any new infrastructure being stood up and it is in the process
of introducing C&A into existing infrastructure. CC product certifications
are an integral part of the C&A process now, and they're not going away.
The U.S. Military has been doing C&A on their critical infrastructure for
as long
as I can remember. The point is that post 9/11 pretty much -everything- in the
U.S. .gov and .mil network domains is being identified as critical
infrastructure.
From the outside-in view, CC and it's C&A parent are bureaucratic at best and Byzantine at worst. In the projects I'm involved with these days, I spend as much time on C&A issues as I do on technical issues. I'm seeing the process from the inside. It does get mind-bogglingly complex sometimes, and everyone I know that's involved relieves the pressure with an occasional witty rant or two. My previous humorous comments aside though, C&A has identified weakness in infrastructure that would have escaped detection otherwise. C&A has this annoying habit of working.
Sure, the overall process can be improved, and I'm sure it will - but it does what it's supposed to do now. From a structural security perspective, C&A is essential. I wouldn't be surprised to see the commercial sector adopt C&A processes and demand CC certs in the next year or two.
8)
Randy Received on Tue Jan 7 19:07:49 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:05 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |