iatf纵深防御安全体系_纵深防御

1星需积分: 48 163 浏览量更新于2023-05-21 1 收藏 7.88MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源推荐

UNCLASSIFIED

Issued by: National Security Agency

Information Assurance Solutions

Technical Directors

Disclaimer:

This Information Assurance Technical Framework is the result of a collaborative effort by various organizations within the U.S.

Government and industry. This document captures security needs and potential technology solutions for information systems and networks.

The information contained in this document is provided for information purposes only.

This is not a solicitation for procurement. Rather, this document is intended to facilitate the coordination of the information systems

security needs of the U.S. Government and to offer security solution recommendations based on the collaborative efforts of the joint

Industry/Government Information Assurance Technical Framework Forum.

REPORT DOCUMENTATION PAGE

Form Approved

OMB No. 0704-0188

Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the

data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing

this burden to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-

4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently

valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS.

1. REPORT DATE (DD-MM-YYYY)

2. REPORT TYPE

3. DATES COVERED (From - To)

4. TITLE AND SUBTITLE

5a. CONTRACT NUMBER

5b. GRANT NUMBER

5c. PROGRAM ELEMENT NUMBER

6. AUTHOR(S)

5d. PROJECT NUMBER

5e. TASK NUMBER

5f. WORK UNIT NUMBER

7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)

8. PERFORMING ORGANIZATION REPORT

NUMBER

9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR’S ACRONYM(S)

11. SPONSOR/MONITOR’S REPORT

NUMBER(S)

12. DISTRIBUTION / AVAILABILITY STATEMENT

13. SUPPLEMENTARY NOTES

14. ABSTRACT

15. SUBJECT TERMS

16. SECURITY CLASSIFICATION OF:

17. LIMITATION

OF ABSTRACT

18. NUMBER

OF PAGES

19a. NAME OF RESPONSIBLE PERSON

a. REPORT

b. ABSTRACT

c. THIS PAGE

19b. TELEPHONE NUMBER (include area

code)

Standard Form 298 (Re . 8-98) v

Prescribed by ANSI Std. Z39.18

September 2002

Information Assurance Technical Framework (IATF) Release 3.1

National Security Agency

Information Assurance Solutions

Technical Directors

National Security Agency

Information Assurance Solutions

Technical Directors

NSA

Distribution Statement A: Approved for Public Release; Distribution is Unlimited.

The Information Assurance Technical Framework (IATF) document was developed to help a broad

audience of users both define and understand their technical needs as well as to select approaches to

meet those needs. The intended audience includes system security engineers, customers, scientists,

researchers, product and service vendors, standards bodies, and consortia. The objectives of the IATF

include raising the awareness of information assurance (IA) technologies, presenting the IA needs of

information system (IS) users, providing guidance for solving IA issues, and highlighting gaps between

current IA capabilities and needs. Chapter 1 outlines the information infrastructure, the information

infrastructure boundaries, the IA framework areas, and general classes of threats. It then introduces the

Defense-in-Depth strategy and presents the overall organization of the IATF document.

915

UNCLASSIFIED

Foreword

IATF Release 3.1September 2002

UNCLASSIFIED

iii

Foreword

The Information Assurance Technical Framework (IATF) document, Release 3.1, provides

technical guidance for protecting the information infrastructures of the United States (U.S.)

Government and industry. The information infrastructure processes, stores, and transmits

information critical to the mission and business operations of an organization. This information

is protected through information assurance (IA) that addresses all the security requirements of

today's information infrastructure. IA relies on people, operations, and technology to

accomplish the mission/business and to manage the information infrastructure. Attaining robust

IA means implementing policies, procedures, techniques, and mechanisms at all layers of the

organization's information infrastructure.

The IATF defines the information system security engineering (ISSE) process for developing a

secure system. This process defines the principles, the activities, and the relationship to other

processes. Applying these principles results in layers of protection known collectively as the

Defense-in-Depth Strategy. The four major technology focus areas of the Defense-in-Depth

Strategy are to Defend the Network and Infrastructure, Defend the Enclave Boundary, Defend the

Computing Environment, and Defend Supporting Infrastructures.

The Defense-in-Depth Strategy has been broadly adopted. For example, within the U.S.

Department of Defense (DoD), the Global Information Grid (GIG) IA Policy and Implementation

Guidance was built around the strategy. This departmental-level policy document cites the IATF

as a source of information on technical solutions and guidance for the DoD IA implementation.

The following content in the IATF has been updated in Release 3.1:

• Chapter 2, Defense-in-Depth, incorporates the major elements of the Defense-in-Depth

Strategy.

• Chapter 3, Information Systems Security Engineering Process, refines the description of

the Information Systems Security Engineer (ISSE) process.

• Chapter 7, Defend the Computing Environment, Section 7.1, Security for System

Applications has been updated.

• A new appendix, Protection Needs Elicitation (PNE), has been added to detail the first

and most important activity in the ISSE process.

The IATF is a living document; the next release already is being planned. Many people provided

comments and recommendations on IATF Release 3.0; their comments helped define Release

3.1. Your suggestions, recommendations, and needs will define the next release—if we hear

from you.

We want and need your feedback.

剩余914页未读，继续阅读

mh245500

粉丝: 0
资源: 2

会员权益专享

iatf纵深防御安全体系

纵深防御 信息安全-西门子.zip

网络纵深防御与入侵防护系统

安全纵深防御2008系列之二 ： 纵深防御---微软整体安全解决方案概述

iatf16949质量管理体系详解与案例文件汇编

iatf16949质量体系标准电子版

信息安全领域IATF是什么

iatf16949汽车行业质量体系英文版

iatf16949汽车质量管理体系标准

安全领域IATF是什么

2019年全套iatf16949质量手册及程序文件网盘

怎么使用IATF16949

iatf 信息保障 pdf

iatf16949中英文对照版

iatf16949 培训下载

iatf16949 英文版

iatf16949标准下载

iatf16949思维导图

iatf16949:2016英文版

iatf16949标准最新完整版

IATF16949不符合整改

会员权益专享

最新资源

纵深防御信息安全-西门子.zip

安全纵深防御2008系列之二：纵深防御---微软整体安全解决方案概述