Implications of Aggregated DoD Information Systems for Information Assurance Certification and Accreditation

by ; ; ;
  • ISBN13: 9780833049483
  • ISBN10: 0833049488

  • Format: Paperback
  • Copyright: 2010-05-16
  • Publisher: RAND Corporation
List Price: $20.00

Summary

The challenges associated with securing U.S. Department of Defense (DoD) information systems have grown as the department's information infrastructure has become more complex and interconnected. At the same time, the potential negative consequences associated with cyber intrusions have become more severe. Are current information assurance (IA) policies and procedures sufficient to address this growing threat, and are they able to address vulnerability issues associated with highly networked information systems? The current IA certification and accreditation (C&A) process focuses on individual, discrete systems or components of larger, aggregated information systems and networks that are colocated or operate on the same platform (such as a Navy ship). An examination of current policy shows that a new approach is needed to effectively extend the IA C&A process to aggregations of information systems and improve the security of DoD information systems. A number of recommendations are put forth to improve current IA policy and to enable the IA C&A of aggregations of DoD information systems that reside on a common platform. Book jacket.

Table of Contents

Preface
Figures
Tables
Summary
Acknowledgments
Abbreviations
Background and Objective
Background
Objective
Organization of This Monograph
Growing Challenges for the Information Assurance Certification and Accreditation of DoD Information Systems
Software Complexity
Increasing Software Vulnerabilities and Malware Population
Limitations of Automated Software Review Tools
Challenge of Incremental Program Development
Increasing Scrutiny of Programs
System Interdependence and Interconnectedness
Configuration Management and System Administration
Overview of the Current DoD Information Assurance Certification and Accreditation Process
DIACAP Activities and Scope
Definition of a DoD Information System
DIACAP Validation Activities and Results
Aggregation Approach to DoD Information Assurance Certification and Accreditation
Degrees of Aggregation
Potential DIACAP Policy Issues
Initiate and Plan Information Assurance Certification and Accreditation
Implement and Validate Information Assurance Controls
Decommission
Potential DIACAP Implementation Difficulties for Aggregate Information Systems
Initiate and Plan Information Assurance Certification and Accreditation
Implement and Validate Information Assurance Controls
Make Certification Determination and Accreditation Decisions
Maintain Authorization to Operate and Conduct Reviews
Balancing Transparency and Reporting Requirements
Information System Information Assurance Pedigree
Observations and Recommended Changes to DoD and Federal Policy
Policy Recommendations
Implementation Recommendations
A Suggested Partial IA Aggregation Approach
Appendixes
DIACAP System Identification Profile
Definitions of MAC, CL, and MC
References
Table of Contents provided by Ingram. All Rights Reserved.
