DOD must fix product security evaluation process, officials say (Federal Computer Week 1/22/08)

The Defense Department’s process for evaluating products to ensure they meet the agency’s information technology security requirements is broken. But senior DOD leaders say a fix is on the way.

The Defense Department’s process for evaluating products to ensure they meet the agency’s information technology security requirements is broken. But senior DOD leaders say a fix is on the way.

Richard Hale, the Defense Information Systems Agency’s chief of information assurance, said the services too often analyze products after they have been certified by the National Information Assurance Partnership (NIAP), which is run by the National Security Agency.

“We tried to come up with a single evaluation process for everyone, but NIAP hasn’t done what we wanted it to do,” Hale said today during a lunch discussion sponsored by AFCEA’s Washington chapter in Arlington, Va. “We would want a single entity to approve for all of DOD and maybe the intelligence community.”   For the full article, click: http://www.fcw.com/online/news/151395-1.html