NSA makes information assurance designations

Find opportunities — and win them.

The National Security Agency has developed an evaluation program for government and industry organizations seeking to improve the security of their information technology systems and networks.

The National Security Agency has developed an evaluation program for government and industry organizations seeking to improve the security of their information technology systems and networks, the agency announced March 14.

Called the Infosec Assessment Training and Rating Program, it will connect organizations in need of IT vulnerability assessments with companies qualified to perform them within the program guidelines and standards.

Seven companies agreed to have their security vulnerability appraised against the NSA's information security assessment capability maturity model. These companies perform assessments using either the NSA-developed methodology or one that is similar. The participating companies include:

*Backbone Security.com, Sudbury, Mass.;

*Booz-Allen Hamilton Inc., McLean, Va.;

*Computer Sciences Corp., El Segundo, Calif.;

*Electronic Data Systems Corp., Plano, Texas;

*Lucent Technologies Inc., Murray Hill, N.J.

*SRA International Inc., Fairfax, Va.;

*TrustWave Corp., Annapolis, Md.

"The long-term goal of the [Assessment Training and Rating Program] is to assist in the protection of sensitive information by increasing the information assurance levels of our national and defense information infrastructures," the agency said.

The program will also enable compliance with the Presidential Decision Directive 63 requirements for vulnerability assessments.


In a separate announcement, NSA said it has named 13 universities and recertified another seven institutions as Centers of Academic Excellence in Information Assurance Education. The designation makes them eligible for scholarships and grants through both the federal and Defense Department information assurance scholarship programs. The certification is good from 2002 to 2005.

"Information assurance education plays a critical role in protecting the national information infrastructure," the NSA said. "The centers are key to having security solutions keep pace with evolving technology now and into the future. The centers also provide great geographic dispersion of information assurance education across the country, building expertise where the national information infrastructures reside."

The schools added to the list are:

*Air Force Institute of Technology, Ohio

*George Washington University, Washington

*Indiana University of Pennsylvania

*New Mexico Tech

*North Carolina State University

*Northeastern University, Mass.

*Polytechnic University, N.Y.

*State University of New York, Buffalo

*State University of New York, Stony Brook

*Towson University, Md.

*University of Maryland, University College

*University of Nebraska, Omaha

*University of Texas, San Antonio

The centers that were revalidated are: George Mason University, Idaho State University, Iowa State University, James Madison University, Purdue University, University of California, Davis, and University of Idaho.