Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

A threat-based definition of IA and IA-enabled products.

Conference ·
OSTI ID:1027081
; ;

This paper proposes a definition of 'IA and IA-enabled products' based on threat, as opposed to 'security services' (i.e., 'confidentiality, authentication, integrity, access control or non-repudiation of data'), as provided by Department of Defense (DoD) Instruction 8500.2, 'Information Assurance (IA) Implementation.' The DoDI 8500.2 definition is too broad, making it difficult to distinguish products that need higher protection from those that do not. As a consequence the products that need higher protection do not receive it, increasing risk. The threat-based definition proposed in this paper solves those problems by focusing attention on threats, thereby moving beyond compliance to risk management. (DoDI 8500.2 provides the definitions and controls that form the basis for IA across the DoD.) Familiarity with 8500.2 is assumed.

Research Organization:
Sandia National Laboratories
Sponsoring Organization:
USDOE
DOE Contract Number:
AC04-94AL85000
OSTI ID:
1027081
Report Number(s):
SAND2010-6623C
Country of Publication:
United States
Language:
English

Similar Records

A threat-based definition of IA- and IA-enabled products.
Conference · Thu Jul 01 00:00:00 EDT 2010 · OSTI ID:1022168
An Analysis of Department of Defense Instruction 8500.2: ‘Information Assurance (IA) Implementation’
Technical Report · Sat Dec 31 19:00:00 EST 2011 · OSTI ID:1034875
A Cybersecurity Threat Profile for a Connected Lighting System
Technical Report · Mon Jan 31 23:00:00 EST 2022 · OSTI ID:1859678

Related Subjects

99 GENERAL AND MISCELLANEOUS
COMPLIANCE
FOCUSING
IMPLEMENTATION
MANAGEMENT
SECURITY
US DOD