Why is NSTISSP #11 so important?
NSTISSP #11 is a critical policy component of the U.S. Government’s overall Information Assurance (IA) strategy. A wide variety of products are available to satisfy a diversity of security requirements to include providing confidentiality for data, as well as authenticating the identities of individuals or organizations exchanging sensitive information. In terms of design, quality and performance, these products run the gamut from “terrific to terrible”. It is imperative that policies and processes be established to validate the performance claims of marketed IA products, and to ensure that these products are responsive to the security needs of the intended user. In the context of national security systems and information, these requirements take on added significance and importance. NSTISSP #11 is a binding, national policy requirement. Acquirers, users and vendors of IA products are encouraged to familiarize themselves with the policy and its associated processes, and to ensure, effe
Related Questions
- My organization negotiates indefinite delivery/indefinite quantity (ID/IQ) agreements with vendors. How does NSTISSP #11 COTS testing requirements apply to these types of arrangements?
- Do SABI/TSABI approved COTS IA/IA-enabled IT products qualify as "validated" under NSTISSP #11?
- Is there an NSTISSP #11 waiver process?
