INFOSEC Assurance Training and Rating Program

We realize that many students have not had their name added to the IATRP certified list, or information updated. We apologize for the delays and any inconvenience. The website is in the process of being reworked without any change to what you should see. Please contact iatrp@iatrp.com if you feel your information is not correct or needs updating. Thank you for your patience and we apologize for any inconvenience.

An INFOSEC Assurance is a high-level review of the Information System Security (INFOSEC) posture of operational system(s) for the purpose of identifying potential vulnerabilities. Once identified, recommendations are provided for the elimination or mitigation of the vulnerability.

An INFOSEC Assurance Assessment is the first step in the vulnerability discovery triad. It provides the initial, organizational wide INFOSEC analysis, which provides invaluable information for risk management decisions such as the implementation of countermeasures and the focus of further INFOSEC analysis (i.e. the other two triad services; Evaluations and Red Team).

The INFOSEC Assurance Assessment is a three-phased process that will assist the customer to define missions, identify the criticality impacts to the information necessary to support those missions, identify potential vulnerabilities, and provide recommended countermeasures. The analysis is accomplished through the review of documentation (e.g., policies and procedures), interview with all levels of organization personnel, and system demonstrations.

Level I INFOSEC Assurance Assessments perform no hands-on testing of the system(s). Hands-on testing is typically performed during the other two triad services.

The hands-off approach will allow the INFOSEC Assurance Assessment to be performed more expeditiously than the other services. NSA has contracted out to Security Horizon (www.SecurityHorizon.com ) and EDS (www.EDS.com ) to perform IAM assessments. In certain circumstances Level 1+ INFOSEC Assurance Assessments may include limited, non-intrusive scanning tools; this is up to each individual customer.

To request an IAM Assessment, please contact one of NSA's contractors or any of our IA-CMM Rated Companies listed below:

• International Network Services:Mr. Jim Tiller at Jim.Tiller@INS.COM
• Backbone Security, Inc.: Mr. Jim Wingate at JWingate@BackboneSecurity.com
• Federal Reserve Bank of NY: Mr. John Califano at John.Califano@NY.FRB.ORG
• Honeywell Technology Solutions: Mr. Robert Guess at Robert.Guess@honeywell.com
• SRA International, Inc.: Mr. Walt Hare at Walt_Hare@SRA.com

*Point of contacts for these companies may also be obtained from this site: http://www.iatrp.com/companies.php and click on "company info"