Review of the National Information Assurance Partnership (NIAP)

Abstract : This study was mandated by the National Strategy to Secure Cyberspace which requires the federal government to conduct a comprehensive review of the National Information Assurance Partnership (NIAP) to determine the extent to which it is adequately addressing the continuing problem of security flaws in commercial software products. The NIAP is a joint effort of the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) to provide technical leadership in the research and development of security-related information technology test methods and assurance techniques. The study reviewed the policy and requirements for cybersecurity, the current structure and functionality of the NIAP, and the expectations of the stakeholders. The study developed issues and recommendations and provided several options for pursuing cybersecurity programs that include all the elements necessary to establish an efficient and functional operational capability to strengthen the security of the software used in US systems and commercial software products.