Standards & Certifications - Enabling SCRM for COTS
Supply Chain Risk Management is an important aspect of the National Security Agency’s policies and processes. The Department of Defense is increasingly dependent on commercial products that provide elements of our cybersecurity. As part of the agency’s Cybersecurity Collaboration Center, the Standards and Certifications Team plays a significant role in shaping the marketplace for these products across the lifecycle of development. Through its leadership in standards bodies (ensuring that critical security requirement are built into the standards that commercial products implement) and its leadership of the National Information Assurance Partnership (which sets the testing requirements for commercial products that protect classified information and systems,) the agency team establishes a baseline that products will be built to and tested against.
This presentation will provide an overview of NSA’s standards and certifications programs and highlight a few of the initiatives within the directorate for SCRM, and how the programs raise the level of security in commercial products that protect national security systems and the defense industrial base.