New Partnership to Enhance Quality of Information Security

In a move to assist U.S. information security technology producers in achieving international competitiveness, the Commerce Department's National Institute of Standards and Technology and the National Security Agency today signed a letter of partnership establishing the National Information Assurance Partnership (NIAP). This initiative is expected to break new ground by providing both independent evaluators and product producers with objective measures for evaluating the quality and security of these products. In turn, this should result in increased consumer confidence in evaluated information security products.

Additional details and projects will be discussed at the NIAP grand opening in October as part of the National Information Systems Security Conference at the Baltimore (Md.) Convention Center.

The partnership has several goals, including:

• promoting demand and investment in security-enhanced products;
• moving current evaluation and testing efforts from the federal government to accredited, private-sector laboratories; and
• fostering research and development in security tests, test methods and metrics.

Consumers need confidence and assurance in the products and technologies they use to protect valuable information. That confidence is bolstered when the products have been tested and certified by an independent organization. The NIST/NSA effort is designed to foster the creation of such organizations and the certification processes they will use. The partnership announced today will employ the latest techniques to develop product specification tools, testing methods and tests.

U.S. security product manufacturers and service providers stand to benefit from having their products recognized and accepted around the world. When testing labs in several nations use common, yet stringent, criteria to evaluate products, international acceptance and mutual recognition follow. The partnership will work closely with the NIST-administered National Voluntary Laboratory Accreditation Program to develop technical criteria that NVLAP or private-sector accreditors can use when they accredit testing labs.

The partnership also will encourage the establishment of accredited, private-sector laboratories. They will benefit from federal government technology transfer of security testing and evaluation capabilities.

An agency of the Commerce Department's Technology Administration, NIST promotes economic growth by working with industry to develop and apply technology, measurements and standards. Since 1972, NIST has played a vital role in protecting the security and integrity of information in computer systems in the public and private sectors. The Computer Security Act of 1987 reaffirmed NIST's leadership role in the federal government for the protection of unclassified information. NIST assists industry and government by promoting and supporting better security planning, technology, awareness and training.

The National Security Agency's information systems security or INFOSEC mission provides leadership, products, technical advice, and services to protect classified and unclassified national security systems against exploitation through interception, unauthorized access or related technical intelligence threats. .