Title :
Unsteady Ground: Certification to Unstable Criteria
Author_Institution :
Comput. Lab., Univ. of Oxford, Oxford, UK
Abstract :
Cross Domain Systems for handling classified information complicate the certification test and evaluation problem, because along with multiple data owners comes duplicate responsibility for residual risk. Over-reliance on independent verification and validation by certifiers and accreditors representing different government agencies is interpreted as conflating the principle of defence-in-depth with the practice of repeated verification and validation testing. Using real-world examples of successful and unsuccessful certification test and evaluation efforts to guide the development of a new communication tool for accreditors, this research aims to reduce time and cost wasted on unnecessary retesting of the same or similar security requirements during security test and evaluation in multi-level environments.
Keywords :
certification; data handling; formal verification; government data processing; security of data; certification test; communication tool; cost reduction; cross domain system; data owner; government agency; independent verification; information classification; multilevel environment; residual risk; security test; unstable criteria; unsteady ground; Accreditation; NIST; Security; Software; Testing; US Department of Defense; certification and accreditation; certification test and evaluation; cross domain systems; security test and evaluation;
Conference_Title :
Advances in System Testing and Validation Lifecycle (VALID), 2010 Second International Conference on
Conference_Location :
Nice
Print_ISBN :
978-1-4244-7784-5
Electronic_ISBN :
978-0-7695-4146-4
DOI :
10.1109/VALID.2010.21