Solved

HomeWork-Network Security Certification and Accreditation for commercial systems

Posted on 2011-03-20
2
557 Views
Last Modified: 2012-06-27
Hello:
I am interested in learning how does the C&A, DIACAP processes improves commercial systems?
Please refer to assignment question below.

Question:
Do you think a formal process like Certification & Accreditation is appropriate to use for commercial systems in private industry (Why or Why Not)? What are the important parts of C&A to carry over to the commercial sector? Alternatively, what are some examples of  security review processes used in companies before putting a system into use. What are the pros and cons of this in contrast to Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)?
0
Comment
Question by:Sundayy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35182711
I would never, never run a DIACAP scan on a commercial network.  It would fail utterly.  DIACAP already knows that the DoD network would fail that same scan, thus the STIG Waiver process is in existance.  While there is certainly advantages to having your network independtly tested for networthiness, I would not use a DoD level scan as the benchmark to use.  First, your network would fail the test.  Second, if it passed, it would be unusable (DIACAP without Waiver doesn't allow for Exchange, SQL, AD, or most communications server to server).  

It has been a while since I have worked on a non-DoD network, so I am not certain what would be a good source for certification of networthiness on the private (commercial) sector.

DrUltima
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question