Keynote:The Nsa Information Assurance Directorate And The National Security Community presented at Blackhat USA 2007

by Tony Sager,

Tags: Security Community

Summary : The Information Assurance Directorate
(IAD) within the National Security Agency (NSA) is charged in part with
providing security guidance to the national security community. Within
the IAD, the Vulnerability Analysis and Operations (VAO) Group
identifies and analyzes vulnerabilities found in the technology,
information, and operations of the Department of Defense (DoD) and our
other federal customers. This presentation will highlight some of the
ways that the VAO Group is translating vulnerability knowledge in
cooperation with many partners, into countermeasures and solutions that
scale across the entire community. This includes the development and
release of security guidance through the NSA public website( sponsorship of a number of community events like the Cyber Defense
Initiative and the Red Blue Symposium. It also includes support for, or
development of, open standards for vulnerability information (like CVE,
the standard naming scheme for vulnerabilities); the creation of the
extensible Configuration Checklist Description Format (XCCDF) to
automate the implementation and measurement of security guidance; and
joint sponsorship, with the National Institute of Standards and
Technology (NIST) and the Defense Information Systems Agency (DISA), of
the Information Security Automation Program (ISAP), to help security
professionals automate security compliance and manage vulnerabilities.