?
Solved

HomeWork-Network Security Certification and Accreditation for commercial systems

Posted on 2011-03-20
2
Medium Priority
?
559 Views
Last Modified: 2012-06-27
Hello:
I am interested in learning how does the C&A, DIACAP processes improves commercial systems?
Please refer to assignment question below.

Question:
Do you think a formal process like Certification & Accreditation is appropriate to use for commercial systems in private industry (Why or Why Not)? What are the important parts of C&A to carry over to the commercial sector? Alternatively, what are some examples of  security review processes used in companies before putting a system into use. What are the pros and cons of this in contrast to Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)?
0
Comment
Question by:Sundayy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 35182711
I would never, never run a DIACAP scan on a commercial network.  It would fail utterly.  DIACAP already knows that the DoD network would fail that same scan, thus the STIG Waiver process is in existance.  While there is certainly advantages to having your network independtly tested for networthiness, I would not use a DoD level scan as the benchmark to use.  First, your network would fail the test.  Second, if it passed, it would be unusable (DIACAP without Waiver doesn't allow for Exchange, SQL, AD, or most communications server to server).  

It has been a while since I have worked on a non-DoD network, so I am not certain what would be a good source for certification of networthiness on the private (commercial) sector.

DrUltima
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question