The National Security Agency has developed a new evaluation program, for the benefit of government and industry organizations seeking to improve the INFOSEC posture of their information systems and networks. This program, called the INFOSEC Assessment Training and Rating Program (IATRP) seeks to connect organizations in need of Information Technology vulnerability assessments with companies qualified to perform such assessments within the quality guidelines and standards defined by the program.
Seven companies agreed to have their INFOSEC vulnerability assessment capability appraised against NSA's INFOSEC Assessment Capability Maturity Model. All seven companies perform assessments using either the NSA-developed INFOSEC Assessment Methodology (IAM) or a similar assessment methodology. The participating companies include:
- Backbone Security.com;
- Booz-Allen & Hamilton;
- Computer Sciences Corporation (CSC);
- Electronic Data Systems (EDS);
- Lucent Technologies;
- SRA International; and,
- TrustWave (formerly NetSafe).
The long-term goal of the IATRP is to assist in the protection of sensitive information by increasing the information assurance levels of our National and Defense Information Infrastructures. The program will also enable compliance with the Presidential Decision Directive-63 (PDD-63) requirements for Vulnerability Assessments.
As the name implies, the IATRP has both training and rating components. The training portion of the program provides a standardized INFOSEC Assessment Methodology (IAM) to commercial service providers and government personnel. The rating portion of the program assigns a series of ratings to commercial assessment providers so that customers can judge whether a provider is capable of meeting its requirements. For additional information, visit NSA.gov.