[ISN] Last part of security strategy released

[InfoSec News]

http://www.fcw.com/fcw/articles/2004/0419/web-ncsp-04-19-04.asp

By Florence Olsen 
April 19, 2004

A cybersecurity task force recommended improvements today to a variety 
of technical standards and practices. 

Organized by the National Cyber Security Partnership, the task force 
issued a 104-page report with recommendations for the federal 
government and industry [1]. The report is the last of five documents 
prepared by industry and academic experts on the President's National 
Strategy to Secure Cyberspace, a general blueprint for improving the 
nation's cybersecurity readiness.

The task force members called for what they said were needed 
improvements to the consumer- and vendor-oriented software security 
testing program operated by the National Institute of Standards and 
Technology and the National Security Agency.

The report recommends that NIST receive an initial $12 million in new 
appropriations and $6 million in following years for developing 
security requirements for specific classes of products such as 
intrusion-detection systems and virtual private networks.

Other steps outlined in the report include making vendors responsible 
for shipping software products with more of their security features 
enabled and having the federal government mandate 
software-vulnerability analysis as a condition of procurement. The 
group also recommended that industry groups work together to develop a 
well-defined set of technical standards for designing secure IP 
networks.

Leaders of the Technical Standards and Common Criteria Task Force were 
Mary Ann Davidson of Oracle Corp., Chris Klaus of Internet Security 
Systems Inc. and Edward Roback of NIST.

[1] http://www.cyberpartnership.org/TF4TechReport.pdf