Record:   Prev Next
Title Implications of aggregated DoD information systems for information assurance certification and accreditation / Eric Landree ... [et al.]
Imprint Santa Monica, CA : RAND, 2010
book jacket
 Euro-Am Studies Lib  355.6 Im76 2010    AVAILABLE  -  30500101430760
Descript xx, 59 p. : ill. (some col.) ; 23 cm
Series Rand Corporation monograph series
Rand Corporation monograph series
Note "Prepared for the United States Navy."
"RAND National Defense Research Institute."
"MG-951-NAVY."--P. [4] of cover
Includes bibliographical references (p. 57-59)
The challenges associated with securing U.S. Department of Defense (DoD) information systems have grown as the department's information infrastructure has become more complex and interconnected. At the same time, the potential negative consequences associated with cyber intrusions have become more severe. Are current information assurance (IA) policies and procedures sufficient to address this growing threat, and are they able to address vulnerability issues associated with highly networked information systems? The current IA certification and accreditation (C&A) process focuses on individual, discrete systems or components of larger, aggregated information systems and networks that are colocated or operate on the same platform (such as a Navy ship). An examination of current policy shows that a new approach is needed to effectively extend the IA C&A process to aggregations of information systems and improve the security of DoD information systems. A number of recommendations are put forth to improve current IA policy and to enable the IA C&A of aggregations of DoD information systems that reside on a common platform
Also available via the Internet
Background and objective -- Growing challenges for the information assurance certification and accreditation of DoD Information Systems -- Overview of the current DoD information assurance certification and accreditation process -- Aggregation approach to DoD information assurance certification and accreditation -- Observations and recommended changes to DoD and Federal policy
Subject United States. Dept. of Defense -- Information resources management
United States. Dept. of Defense -- Information technology
Computer security -- United States -- Management
Cyberinfrastructure -- United States
Computer networks -- Security measures -- United States
Computer networks -- Certification -- United States
Computer networks -- Accreditation -- United States
Information technology -- Security measures -- United States
Information technology -- Certification -- United States
Information technology -- Accreditation -- United States
Alt Author Landree, Eric
National Defense Research Institute (U.S.)
Record:   Prev Next