National Information Assurance Program, 35036-35042 [07-3114]



[Federal Register Volume 72, Number 122 (Tuesday, June 26, 2007)]
[Notices]
[Pages 35036-35042]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-3114]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[DoD-2007-OS-0066]


National Information Assurance Program

AGENCY: Department of Defense; National Security Agency.

ACTION: Notice of new fees.

-----------------------------------------------------------------------

SUMMARY: Section 933 of Pub. L. 109-364, the John Warner National 
Defense Authorization Act for Fiscal Year 2007, provides that the 
Director, National Security Agency, may collect charges for evaluating, 
certifying, or validating information assurance products under the 
National Information Assurance Program (NIAP) or successor program. 
Table A sets forth the Fee-For-Service rates that will be assessed to 
NIAP accredited commercial Common Criteria Testing Labs (CCTLs) for 
``validation'' services performed by NIAP validator personnel on 
information technology (IT) security products being evaluated by the 
NIAP CCTLs pursuant to the Common Criteria Evaluation and Validation 
Scheme (CCEVS).

DATES: Comments must be received on or before August 27, 2007. Do not 
submit comments directly to the point of contact or mail your comments 
to any address other than what is shown below. Doing so will delay the 
posting of the submission.

ADDRESSES: You may submit comments, identified by docket number and/or 
RIN number and title, by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Federal Docket Management System Office, 1160 
Defense Pentagon, Washington, DC 20301-1160.
    Instructions: All submissions received must include the agency name 
and docket number or Regulatory Information Number (RIN) for this 
Federal Register document. The general policy for comments and other 
submissions from members of the public is to make these submissions 
available for public viewing on the Internet at https://regulations.gov 
as they are received without change, including any personal identifiers 
or contact information.

FOR FURTHER INFORMATION CONTACT: Audrey M. Dale, 410-854-4458.

SUPPLEMENTARY INFORMATION: NSA and the National Institute of Standards 
and Technology (NIST) formed the NIAP in order to promote information 
security in various ways, including the evaluation of IT security 
products. Commercial IT security product vendors initiate the NIAP 
evaluation process through submission of their IT security product to a 
nationally accredited commercial CCTL for evaluation against the 
internationally recognized Common Criteria (CC) Standard for 
Information Technology Security Evaluation (ISO Standard 15408). NIAP 
evaluation is voluntary for IT security products that are acquired by 
United States Government (USG) civil agencies and non-USG entities, but 
as per National Security Telecommunications & Information Systems 
Security Policy (NSTISSP) No. 11, mandatory for IT 
security products purchased for use on systems that process national 
security information. Additionally, per DoD Instruction 8500.2 the DoD 
mandates the use of CC or NIAP evaluated IT security products on all 
DoD networks.
    Evaluations are conducted by NIAP accredited commercial CCTLs, with 
oversight provided by NIAP validator personnel who are NSA government 
employees, Federally Funded Research & Development Center (FFRDCs) 
personnel or contractors. Prior to the enactment of Sec 933, NSA paid 
for all validation costs. Sec 933 shifts the costs for this validation 
oversight from NSA to the commercial CCTLs (who may, in turn, pass 
these fees onto the product vendors seeking NIAP evaluation of their IT 
security products). This change will ensure that NIAP can keep pace 
with the commercial demand for IT security product evaluations and will 
not be constrained by NSA's program budget for validation services.
    Fee Schedule: TABLE A delineates the NIAP Validation Oversight Fee 
Schedule which will be assessed to CCTLs for validation services 
provided in support of their NIAP evaluations. Fees are predicated on a 
per hourly basis by validator skill type and are a function of the 
Evaluation Assurance Levels (EALs) along with the type and complexity 
of the product technology. The CC standard used for NIAP evaluations is 
broken down into increasingly more rigorous Evaluation Assurance Levels 
(EALs) beginning at EAL 1 and moving up to the highest possible 
assurance at EAL 7.
    The two primary factors used in developing the Validation Fee 
Schedules were the EALs of the evaluations and the complexity (simple, 
moderately complex, and complex) of the product being evaluated. Higher 
EALs require more rigorous and thus more costly evaluations. More 
complex products typically take more time to analyze resulting in 
longer and more costly evaluations. The complexity factor takes into 
account size of the product in terms of lines of code but must also 
reflect the fact that new technologies will require additional 
analysis. Simple products would include basic routers, switches or file 
encryptors. Products of moderate complexity would include simple 
firewalls or general application software. Complex products would 
include standard operating systems and new/unique IA products or 
technologies.
    While validation oversight occurs throughout the course of an 
evaluation, the majority of this oversight is focused on Validation 
Oversight Reviews (VORs). These reviews take place at critical points 
during the evaluation. Evaluations require Initial, Test and Final 
VORs. The VOR process typically consists of three phases: the 
preparation phase where validators review documents pertaining to that 
specific VOR, the actual VOR meeting (attended by the validators and 
lab personnel), and the Issue Resolution and Wrap-Up phase. During this 
final phase all relevant issues are addressed by the CCTL, and then the VOR 
report is finalized. At EAL 3 and above, witnessing of testing by 
validator personnel may also be required.
    An additional factor that will affect the validation oversight 
costs is the length of the evaluation since monthly validation fees 
will be applied to cover validator coordination and guidance costs 
throughout the course of the evaluation.
    The final section of the fee schedule depicts costs for assurance 
maintenance which is the process vendors use to maintain the currency 
of their product evaluations. Vendors submit rationale for why changes 
to their product did not impact their evaluated product's security. The 
vendor proposals are reviewed by a NIAP senior validator who determines 
if their rationale is sound and makes a recommendation to NIAP 
management who then renders a verdict on the vendor assurance 
maintenance proposal.

    Dated June 19, 2007.
L.M. Bynum,
Alternate OSD Federal Register Liaison Officer, DoD.
BILLING CODE 5001-06-P

[[Pages 35038-35042]]

[GRAPHIC] [TIFF OMITTED] TN26JN07.000 through TN26JN07.004

[FR Doc. 07-3114 Filed 6-25-07; 8:45 am]
BILLING CODE 5001-06-C