Implications of aggregated DoD information systems for information assurance certification and accreditation / Eric Landree [et al.].

Format:

Book

Contributor:

National Defense Research Institute (U.S.)

Landree, Eric.

Series:

Rand Corporation monograph series

Language:

English

Subjects (All):

Computer security--United States--Management.

Computer security.

Cyberinfrastructure--United States.

Cyberinfrastructure.

Computer networks--Security measures--United States.

Computer networks.

Computer networks--Certification--United States.

Computer networks--Accreditation--United States.

Information technology--Security measures--United States.

Information technology.

Information technology--Certification--United States.

Information technology--Accreditation--United States.

United States. Department of Defense--Information resources management.

United States.

United States. Department of Defense--Information technology.

Physical Description:

1 online resource (xx, 59 pages) : illustrations

Place of Publication:

Santa Monica, CA : RAND Corporation, 2010.

Summary:

The challenges associated with securing U.S. Department of Defense (DoD) information systems have grown as the department's information infrastructure has become more complex and interconnected. At the same time, the potential negative consequences associated with cyber intrusions have become more severe. Are current information assurance (IA) policies and procedures sufficient to address this growing threat, and are they able to address vulnerability issues associated with highly networked information systems? The current IA certification and accreditation (C&A) process focuses on individual, discrete systems or components of larger, aggregated information systems and networks that are colocated or operate on the same platform (such as a Navy ship). An examination of current policy shows that a new approach is needed to effectively extend the IA C&A process to aggregations of information systems and improve the security of DoD information systems. A number of recommendations are put forth to improve current IA policy and to enable the IA C&A of aggregations of DoD information systems that reside on a common platform.

Contents:

Background and objective Growing challenges for the information assurance certification and accreditation of DOD information systems Overview of the current DOD information assurance certification and accreditation process Aggregation approach to DOD information assurance certification and accreditation Observations and recommended changes to DOD and federal policy Appendixes A: DIACAP system identification profile Appendixes B: Definitions of MAC, CL, and MC

Notes:

"This research was conducted within the Acquisition and Technology Policy Center of the RAND National Defense Research Institute"--Preface

"RAND National Defense Research Institute."