IDS mailing list archives
Re: [IDS] IDS Common Criteria
From: Randy Taylor <gnu () charm net>
Date: Tue, 07 Jan 2003 18:49:52 -0500
At 11:00 PM 1/7/2003 +0000, Talisker wrote:
Sadly within the public sector installing an IDS isn't merely a question of having sufficient resources to achieve the objective, there are also a plethora of political and accreditation issues to overcome. CC can help to surmount many of the bureaucratic mountains that lie in the way. I don't agree with it, but it's a fact of life, I can't see another way until common sense prevails. Unfortunately public sector and common sense rarely walk hand in hand.
You've hit the hidden nail pretty close to its head. The U.S. Government public sector now requires significant Certification and Accreditation (C&A) efforts for any new infrastructure being stood up and it is in the process of introducing C&A into existing infrastructure. CC product certifications are an integral part of the C&A process now, and they're not going away.
The U.S. Military has been doing C&A on their critical infrastructure for as long as I can remember. The point is that post 9/11 pretty much -everything- in the U.S. .gov and .mil network domains is being identified as critical infrastructure.
From the outside-in view, CC and its C&A parent are bureaucratic at best and Byzantine at worst. In the projects I'm involved with these days, I spend as much time on C&A issues as I do on technical issues. I'm seeing the process from the inside. It does get mind-bogglingly complex sometimes, and everyone I know that's involved relieves the pressure with an occasional witty rant or two. My previous humorous comments aside though, C&A has identified weakness in infrastructure that would have escaped detection otherwise. C&A has this annoying habit of working. Sure, the overall process can be improved, and I'm sure it will - but it does what it's supposed to do now. From a structural security perspective, C&A is essential. I wouldn't be surprised to see the commercial sector adopt C&A processes and demand CC certs in the next year or two.
just my 2c take care -andy
8) Randy