NSA and NIST complete profiles for security needs

NSA and NIST complete profiles for security needs

The National Institute of Standards and Technology and the National Security Agency have completed profiles for recommended security features for five of the 10 technology areas the agencies have targeted for profile development.

The Protection Profiles, when completed, will be included in the evaluation process for Common Criteria certification of IT security products.

"There are going to be a lot of profiles coming out in the next six months," said Rex Myers, NSA security architect.

Myers made his comments today at the Federal Information Assurance Conference at the University of Maryland.

Protection Profile development began about two years ago as a cooperative program between NIST, which develops standards for nonclassified IT products, and NSA, which handles requirements for the classified and intelligence community. Because the Common Criteria program only evaluates IT products against the manufacturer's claims, without required security specifications, the Protection Profiles will give users a way to determine how robust a product's security features are.

The profiles specify three levels of security: basic, medium and high.

"We don't see a big need right now for the high level," said Stu Katzke, a senior research scientist at NIST. "We have been focusing most of our attention on the basic and medium levels."

The medium level is considered adequate for mission-critical systems handling nonclassified information.

Some Protection Profiles have been approved for operating systems, firewalls, intrusion detection systems, tokens and public-key infrastructures. Profiles are expected by the middle of 2003 for wireless systems, Web browsers, databases, virtual private networks and biometric products.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected