Information System Security Assurance Architecture (ISSAA) Working Group

P1700 Purpose (Draft)

Purpose:
This standard describes the motivations for the overall Information System Security Assurance Architecture. Although the architecture may suggest a particular design or implementation, it is not the IEEE's intent to favor a specific implementation satisfying the ISSAA. Indeed, it should be possible to implement a number of scalable solutions to satisfy the ISSAA. The ISSAA standard provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support present enterprise operations and assets. This standard, and the related component standards that derive from it, will adhere to the concepts that security must be cost-effective and proportional to risks and criticality of the information and systems involved. The ISSAA standard provides assurance that well-known quality-of-service (QoS) requirements, including those of confidentiality, data integrity, authentication, authorization and non-repudiation, are met. The approach integrates common Certification and Accreditation (C&A) functions, such as security planning, selection and implementation of controls, risk assessment, and categorization and mapping of information and systems, in a way that supports existing standards and the law. In addition, this approach should be applicable to future network-centric environments supported by autonomic systems.

Jim Veneziano
http://issaa.org
updated Thursday, June 17, 2004
This site and all contents (unless otherwise noted) are Copyright © 2004 Institute of Electrical and Electronics Engineers, Inc. All rights reserved.