Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Does NSTISSP #11 apply to all components of a large system?

components large nstissp system
0
Posted

Does NSTISSP #11 apply to all components of a large system?

0 CommentsAdd a Comment

1 Answer

0

NSTISSP #11 applies to all IA and IA-enabled IT products in a given solution. Whether a component is considered an IA/IA-enabled IT component depends heavily on the nature of the architecture in which it is being placed. If the component is not “cognizant” of the security policy and has no security policy enforcement responsibilities (i.e. it is not required to make policy enforcement decisions or implement a security feature), it is not considered to be an IA/IA-enabled IT component and hence will not need to be validated. On the other hand, if the component is “cognizant” of the security policy and makes security decisions or implements security features, it is considered to be an IA/IA-enabled IT component and must be validated. To illustrate this, consider an architecture where an operating system may be required to enforce an access control policy because it is being used to separate multiple users from each other. In this case, the operating system is considered to be an IA-enabl

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123