Accession Number : ADA606355

Title :   Information Assurance Technical Framework (IATF). Release 3.1

Corporate Author : NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE FORT MEADE MD

PDF Url : ADA606355

Report Date : Sep 2002

Pagination or Media Count : 915

Abstract : The Information Assurance Technical Framework (IATF) document, Release 3.1, provides technical guidance for protecting the information infrastructures of the United States (U.S.) Government and industry. The information infrastructure processes, stores, and transmits information critical to the mission and business operations of an organization. This information is protected through information assurance (IA) that addresses all the security requirements of today's information infrastructure. IA relies on people, operations, and technology to accomplish the mission/business and to manage the information infrastructure. Attaining robust IA means implementing policies, procedures, techniques, and mechanisms at all layers of the organization's information infrastructure. The IATF defines the information system security engineering (ISSE) process for developing a secure system. This process defines the principles, the activities, and the relationship to other processes. Applying these principles results in layers of protection known collectively as the Defense-in-Depth Strategy. The four major technology focus areas of the Defense-in-Depth Strategy are to Defend the Network and Infrastructure, Defend the Enclave Boundary, Defend the Computing Environment, and Defend Supporting Infrastructures. The Defense-in-Depth Strategy has been broadly adopted. For example, within the U.S. Department of Defense (DoD), the Global Information Grid (GIG) IA Policy and Implementation Guidance was built around the strategy. This departmental-level policy document cites the IATF as a source of information on technical solutions and guidance for the DoD IA implementation.

Descriptors :   *INFORMATION ASSURANCE, AVAILABILITY, BANDWIDTH, CLASSIFIED MATERIALS, COMPUTER ACCESS CONTROL, COMPUTER NETWORK SECURITY, COMPUTER NETWORKS, COMPUTER VIRUSES, COUNTERMEASURES, DATA STORAGE SYSTEMS, DEFENSE IN DEPTH, FIREWALLS(COMPUTERS), GLOBAL INFORMATION GRID, GUIDANCE, HACKING(COMPUTER SECURITY), INFORMATION SYSTEMS, INFRASTRUCTURE, INTEROPERABILITY, INTRUSION DETECTION(COMPUTERS), POLICIES, RISK ANALYSIS, TACTICAL DATA SYSTEMS, TECHNOLOGY ASSESSMENT, VULNERABILITY, WIRELESS COMMUNICATIONS, WIRELESS COMPUTER NETWORKS

Subject Categories : Computer Systems
      Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE