没有合适的资源?快使用搜索试试~ 我知道了~
首页iatf纵深防御安全体系
资源详情
资源推荐
UNCLASSIFIED
UNCLASSIFIED
Issued by: National Security Agency
Information Assurance Solutions
Technical Directors
Disclaimer:
This Information Assurance Technical Framework is the result of a collaborative effort by various organizations within the U.S.
Government and industry. This document captures security needs and potential technology solutions for information systems and networks.
The information contained in this document is provided for information purposes only.
This is not a solicitation for procurement. Rather, this document is intended to facilitate the coordination of the information systems
security needs of the U.S. Government and to offer security solution recommendations based on the collaborative efforts of the joint
Industry/Government Information Assurance Technical Framework Forum.
REPORT DOCUMENTATION PAGE
Form Approved
OMB No. 0704-0188
Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the
data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing
this burden to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-
4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently
valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS.
1. REPORT DATE (DD-MM-YYYY)
2. REPORT TYPE
3. DATES COVERED (From - To)
4. TITLE AND SUBTITLE
5a. CONTRACT NUMBER
5b. GRANT NUMBER
5c. PROGRAM ELEMENT NUMBER
6. AUTHOR(S)
5d. PROJECT NUMBER
5e. TASK NUMBER
5f. WORK UNIT NUMBER
7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)
8. PERFORMING ORGANIZATION REPORT
NUMBER
9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR’S ACRONYM(S)
11. SPONSOR/MONITOR’S REPORT
NUMBER(S)
12. DISTRIBUTION / AVAILABILITY STATEMENT
13. SUPPLEMENTARY NOTES
14. ABSTRACT
15. SUBJECT TERMS
16. SECURITY CLASSIFICATION OF:
17. LIMITATION
OF ABSTRACT
18. NUMBER
OF PAGES
19a. NAME OF RESPONSIBLE PERSON
a. REPORT
b. ABSTRACT
c. THIS PAGE
19b. TELEPHONE NUMBER (include area
code)
Standard Form 298 (Re . 8-98) v
Prescribed by ANSI Std. Z39.18
September 2002
Information Assurance Technical Framework (IATF) Release 3.1
National Security Agency
Information Assurance Solutions
Technical Directors
National Security Agency
Information Assurance Solutions
Technical Directors
NSA
Distribution Statement A: Approved for Public Release; Distribution is Unlimited.
The Information Assurance Technical Framework (IATF) document was developed to help a broad
audience of users both define and understand their technical needs as well as to select approaches to
meet those needs. The intended audience includes system security engineers, customers, scientists,
researchers, product and service vendors, standards bodies, and consortia. The objectives of the IATF
include raising the awareness of information assurance (IA) technologies, presenting the IA needs of
information system (IS) users, providing guidance for solving IA issues, and highlighting gaps between
current IA capabilities and needs. Chapter 1 outlines the information infrastructure, the information
infrastructure boundaries, the IA framework areas, and general classes of threats. It then introduces the
Defense-in-Depth strategy and presents the overall organization of the IATF document.
U
U
U
UU
915
UNCLASSIFIED
UNCLASSIFIED
ii
Please review and provide comments.
The Information Assurance Technical Framework is an evolving document. It will be ex-
panded and updated. For these changes to be most beneficial, your comments and sugges-
tions are needed. Please provide any comments or suggestions you care to make to:
IATF Manager
National Security Agency Telephone: (410) 854-7302
9800 Savage Road (SAB 3), Suite 6730 Fax: (410) 854-7508
Fort Meade, Maryland 20755-6730 E-mail: webmaster@iatf.net
UNCLASSIFIED
Foreword
IATF Release 3.1September 2002
UNCLASSIFIED
iii
Foreword
The Information Assurance Technical Framework (IATF) document, Release 3.1, provides
technical guidance for protecting the information infrastructures of the United States (U.S.)
Government and industry. The information infrastructure processes, stores, and transmits
information critical to the mission and business operations of an organization. This information
is protected through information assurance (IA) that addresses all the security requirements of
today's information infrastructure. IA relies on people, operations, and technology to
accomplish the mission/business and to manage the information infrastructure. Attaining robust
IA means implementing policies, procedures, techniques, and mechanisms at all layers of the
organization's information infrastructure.
The IATF defines the information system security engineering (ISSE) process for developing a
secure system. This process defines the principles, the activities, and the relationship to other
processes. Applying these principles results in layers of protection known collectively as the
Defense-in-Depth Strategy. The four major technology focus areas of the Defense-in-Depth
Strategy are to Defend the Network and Infrastructure, Defend the Enclave Boundary, Defend the
Computing Environment, and Defend Supporting Infrastructures.
The Defense-in-Depth Strategy has been broadly adopted. For example, within the U.S.
Department of Defense (DoD), the Global Information Grid (GIG) IA Policy and Implementation
Guidance was built around the strategy. This departmental-level policy document cites the IATF
as a source of information on technical solutions and guidance for the DoD IA implementation.
The following content in the IATF has been updated in Release 3.1:
• Chapter 2, Defense-in-Depth, incorporates the major elements of the Defense-in-Depth
Strategy.
• Chapter 3, Information Systems Security Engineering Process, refines the description of
the Information Systems Security Engineer (ISSE) process.
• Chapter 7, Defend the Computing Environment, Section 7.1, Security for System
Applications has been updated.
• A new appendix, Protection Needs Elicitation (PNE), has been added to detail the first
and most important activity in the ISSE process.
The IATF is a living document; the next release already is being planned. Many people provided
comments and recommendations on IATF Release 3.0; their comments helped define Release
3.1. Your suggestions, recommendations, and needs will define the next release—if we hear
from you.
We want and need your feedback.
UNCLASSIFIED
Foreword
IATF Release 3.1September 2002
UNCLASSIFIED
iv
We ask that you send us your comments, reactions, criticism, recommended changes, noted
omissions, and any suggestions that will make this document more useful to you. Please send
your suggestions to webmaster@iatf.net
. We also encourage you to visit the IATF Forum Web
site (http://www.iatf.net
) often. There you will be able to see the next release of the IATF
unfolding, to review new and draft sections, to access contributor’s resources, and, again, to give
us your feedback. The objective of the IATF is to be a useful document for you. Please let us
know how we did.
Recently, we have drafted Cooperative Research and Development Agreements (CRADA) for
contributors who may prepare articles, papers, or other submissions for inclusion in the IATF.
The CRADA is located on the contributor’s page of the IATF Forum Web site.
On behalf of all the contributors of the Information Assurance Technical Framework—
Release 3.1 and its predecessors—our thanks to the many people who reviewed and commented
on the documents. Thanks also go to the many speakers and panelists of the IATF Forum
sessions and the past Network Security Framework Forum sessions for sharing their valuable
insights on the security architectures, standards, and solutions that industry and government are
bringing to bear on the complex challenge of information assurance.
Cynthia Frederick
IATF Technical Director
剩余914页未读,继续阅读
mh245500
- 粉丝: 0
- 资源: 2
上传资源 快速赚钱
- 我的内容管理 收起
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
会员权益专享
最新资源
- zigbee-cluster-library-specification
- JSBSim Reference Manual
- c++校园超市商品信息管理系统课程设计说明书(含源代码) (2).pdf
- 建筑供配电系统相关课件.pptx
- 企业管理规章制度及管理模式.doc
- vb打开摄像头.doc
- 云计算-可信计算中认证协议改进方案.pdf
- [详细完整版]单片机编程4.ppt
- c语言常用算法.pdf
- c++经典程序代码大全.pdf
- 单片机数字时钟资料.doc
- 11项目管理前沿1.0.pptx
- 基于ssm的“魅力”繁峙宣传网站的设计与实现论文.doc
- 智慧交通综合解决方案.pptx
- 建筑防潮设计-PowerPointPresentati.pptx
- SPC统计过程控制程序.pptx
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功