ABSTRACT
Networked information technologies are changing the way the world interacts and the way industry, government, and other sectors do business. In the emerging electronic and global society, new electronic business (e-business) models are replacing traditional models propped up by trust built through personal interaction. With the proliferation of e-business powered by evolving network and information technology (IT) products, industry must earn consumer confidence by demonstrating that it has taken effective measures to protect the information being handled electronically. A key method of illustrating its commitment to safe transmission, processing, and storage of information is through validated, impartial, standards-based evaluations. Conducting such evaluations increases the confidence, or trust, that security features of network and information technology (IT) products are correctly and completely implemented and that these products behave as promised. Given the implications of vulnerabilities for the national economy and national security, the government has recognized the importance of safeguarding networks, particularly of critical national infrastructures. To promote an international marketplace for trusted, security-enhanced network and IT products, and in so doing protect its national interests, the U.S. Government formed the National Information Assurance Partnership (NIAP), a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). The NIAP program has seeded and is furthering the growth of a robust, state-of-the-art, commercial, security testing and evaluation industry. The NIAP is fielding a flexible national scheme to accredit private-sector security testing and evaluation laboratories and to oversee laboratory activities to ensure that security tests and evaluations are conducted in accordance with new, internationally recognized standards.
