论文信息 - Active Automation of the DITSCAP

Active Automation of the DITSCAP

The Defense Information Infrastructure (DII) connects Department of Defense (DoD) mission support, command and control, and intelligence computers and users through voice, data, imagery, video, and multimedia services, and provides information processing and value-added services. For such a critical infrastructure to effectively mitigate risk, optimize its security posture and evaluate its information assurance practices, we identify the need for a structured and comprehensive certification and accreditation (C&A) framework with appropriate tool support. In this paper, we present an active approach to provide effective tool support that automates the DoD Information Technology Security C&A Process (DITSCAP) for information networks in the DII.

Robin A. Gandhi | Gail-Joon Ahn | Seok Won Lee | Deepak S. Yavagal

[1] Ian Sommerville,et al. Requirements engineering with viewpoints , 1996, Softw. Eng. J..

[2] Robin A. Gandhi,et al. 1.2.1 Engineering Information Assurance for Critical Infrastructures: The DITSCAP Automation Study , 2005 .

[3] Marianne Swanson,et al. Security Self-Assessment Guide for Information Technology Systems , 2001 .

[4] Marianne Swanson,et al. Security metrics guide for information technology systems , 2003 .

[5] B. C. Vickery,et al. Ontologies , 1997, J. Inf. Sci..

[6] Austin Tate,et al. Guest Editors' Introduction: Ontologies , 1999 .

[7] Seok Won Lee,et al. Missing requirements and relationship discovery through proxy viewpoints model , 2004, SAC '04.