|
Department of Defense (DoD) Information Technology (IT) systems operate in an environment different from
the commercial world, the differences arise from the differences in the types of attacks, the interdependencies between
DoD software systems, and the reliance upon commercial software to provide basic capabilities. The challenge that we
face is determining how to specify the information assurance requirements for a system without requiring changes to
the commercial software and in light of the interdependencies between systems.
As a result of the interdependencies and interconnections between systems introduced by the global
information grid (GIG), an assessment of the IA requirements for a system must consider three facets of a system's IA
capabilities: 1) the IA vulnerabilities of the system, 2) the ability of a system to repel IA attacks, and 3) the ability of a
system to insure that any IA attack that penetrates the system is contained within the system and does not spread. Each
facet should be assessed independently and the requirements should be derived independently from the assessments. In
addition to the desired IA technology capabilities of the system, a complete assessment of the system's overall IA
security technology readiness level cannot be accomplished without an assessment of the capabilities required of the
system for its capability to recover from and remediate IA vulnerabilities and compromises. To allow us to accomplish
these three formidable tasks, we propose a general system architecture designed to separate the system's IA capabilities
from its other capability requirements; thereby allowing the IA capabilities to be developed and assessed separately
from the other system capabilities. The architecture also enables independent requirements specification,
implementation, assessment, measurement, and improvement of a system's IA capabilities without requiring
modification of the underlying application software.
|
