DITEC (DoD-Centric and Independent Technology Evaluation Capability): A Process for Testing Security

Information Assurance (IA) is one of the Department of Defense's (DoD) top priorities today. IA technologies are constantly evolving to protect critical information from the growing number of cyber threats. Furthermore, DoD spends millions of dollars each year procuring, maintaining, and discontinuing various IA and Cyber technologies. Today, there is no process and/or standardized method for making informed decisions about which IA technologies are better/best. Due to this, efforts for selecting technologies go through very disparate evaluations that are often times non-repeatable and very subjective. DITEC (DoD-centric and Independent Technology Evaluation Capability) is a new capability that streamlines IA technology evaluation. DITEC defines a Process for evaluating whether or not a product meets DoD needs, Security Metrics for measuring how well needs are met, and a Framework for comparing various products that address the same IA technology area. DITEC seeks to reduce the time and cost of creating a test plan and expedite the test and evaluation effort for considering new IA technologies, consequently streamlining the deployment of IA products across DoD and increasing the potential to meet its needs.