Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Information Security News: NSA to take lead on Defense info assurance

NSA to take lead on Defense info assurance

From: InfoSec News <isn_at_c4i.org>
Date: Thu, 16 Dec 2004 01:02:03 -0600 (CST)

http://gcn.com/vol1_no1/daily-updates/31383-1.html

By Dawn S. Onley
GCN Staff
12/15/04

The National Security Agency is filling a new role in the Defense
Department: leading the information assurance path DOD takes to
becoming a network-centric workplace.

The new assignment is based on security work the agency did for DOD a
few months ago building a security component for the Global
Information Grid, said Priscilla E. Guthrie, deputy Defense CIO.

"We asked NSA to build an IA architecture. NSA did a
knock-your-socks-off job of doing this," Guthrie said today at a lunch
the American Council for Technology and Industry Advisory Council
sponsored in Arlington, Va.

The IA component calls for integrating security into the GIG by, among
other things, authenticating credentials and security clearances. The
plan also calls for the use of some form of user token for the
security architecture.

Recently, DOD asked the agency to take the lead for information
assurance initiatives across the department, Guthrie said, although
that doesn't mean NSA will build everything or own all of the IA
dollars.

NSA will put together a GIG Information Assurance Portfolio so DOD can
have a go-to agency if portions of the grid lack adequate security,
Guthrie said.

"NSA will deliver a vision for what it's going to take to secure the
environment," she said. "Some have asked me, "Why NSA? They don't have
the skill set." I don't know a better construct for the department.
This is a blueprint for us to effect this broad IA environment."

Guthrie also said the Pentagon is getting out of the business of
application integration and moving more toward data-level integration.

"If you only do integration of applications, I hope we put you out of
business," Guthrie told the executives gathered at the lunch. "You
must separate data from apps. If they are not separable, we don't want
you in the department."

_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
Received on Dec 16 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]