Solved

HomeWork-Network Security Certification and Accreditation for commercial systems

Posted on 2011-03-20
2
549 Views
Last Modified: 2012-06-27
Hello:
I am interested in learning how does the C&A, DIACAP processes improves commercial systems?
Please refer to assignment question below.

Question:
Do you think a formal process like Certification & Accreditation is appropriate to use for commercial systems in private industry (Why or Why Not)? What are the important parts of C&A to carry over to the commercial sector? Alternatively, what are some examples of  security review processes used in companies before putting a system into use. What are the pros and cons of this in contrast to Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)?
0
Comment
Question by:Sundayy
2 Comments
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
ID: 35182711
I would never, never run a DIACAP scan on a commercial network.  It would fail utterly.  DIACAP already knows that the DoD network would fail that same scan, thus the STIG Waiver process is in existance.  While there is certainly advantages to having your network independtly tested for networthiness, I would not use a DoD level scan as the benchmark to use.  First, your network would fail the test.  Second, if it passed, it would be unusable (DIACAP without Waiver doesn't allow for Exchange, SQL, AD, or most communications server to server).  

It has been a while since I have worked on a non-DoD network, so I am not certain what would be a good source for certification of networthiness on the private (commercial) sector.

DrUltima
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
The Quality Assurance engineer of an Agile scrum team must "own" the acceptance criteria for sprint tasks.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now