Common Criteria?
Justin Townsend (Mr Justin Townsend)
townseju at CNRF.NOLA.NAVY.MIL
Wed Apr 19 20:13:53 GMT 2000
> Jeff DeMello wrote:
>The following paragraph is reality, it might not sound politically correct but here it is:
>There is NO government agency that has ever mandated C2 as an agency wide business >requirement. There is NO government agency that has ever mandated B1 as an agency >wide >business requirement. Indivdual programs within some agencies have mandated C2 or >B1, but >as I have stated before, by my experieces are usually waived or "adjusted" >somehow. As far >as I know, and correct me if I'm wrong, there is NO (U.S.) government >agency that has >mandated CAPP or LSPP.
Some informative(hopefully not blatantly well-known) input. I'm not sure how long this will take to filter down into the services, but the GIG(Global Information Grid) policy and memoranda http://cno-n6.hq.navy.mil/files.html specifes:
5.2. The Heads of DoD Components shall:
5.2.21. Acquire IA solutions that have been evaluated using the Common
Criteria Evaluation and Validation Scheme based on the National Information
Assurance Program (NIAP) process.
-G&PM Information Assurance
It doesn't really specify CAPP or LSPP, but NIAP's PP registry isn't up yet, and I haven't found too many others...
Justin Townsend
Information Security Engineer
ACS-Government Solutions Group
townseju at cnrf.nola.navy.mil
(504) 697-3518
!
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list