The National Security Agency (NSA) is establishing what it calls a “National Security Cyber Assistance Program” to accredit commercial security providers for specific types of security expertise to be called on by the government, and Lockheed Martin says it’s the first to gain NSCAP accreditation for incident response.
The NSA’s Information Assurance Directorate is setting up the NSCAP accreditation program to evaluate cyber-security expertise among commercial providers in four main areas: intrusion detection; incident response; vulnerability assessment; and penetration testing. Lockheed Martin was just granted a one-year NSCAP accreditation for incident response, according to Chandra McMahon, vice president of commercial markets for Lockheed Martin’s Information Systems & Global Solutions. Lockheed Martin is the first but other commercial firms are also in the pipeline applying for NSCAP accreditation, she adds.
+More on Network World: CryptoLocker, Gameover Zeus interrupted, but what happens next? | Lockheed lands $915 million to begin space fence work +
NSA has not yet released guidelines related to NSCAP accreditation in its other three security focus areas of intrusion-detection, vulnerability assessment and penetration testing, she notes.
The NSCAP accreditation process is emerging as a way for NSA to have a ready list of vetted providers that the government, both on the military and the civilian side, can call upon if needed to assist in protecting classified and unclassified national security systems. “It’s a broad definition,” McMahon points out, noting that there are agencies outside the military deemed to operate “national security systems.”
The one-year NSCAP incident-response accreditation that Lockheed Martin’s cyber-security division now has means it’s deemed capable of providing a team that could immediately be called in by a government agency to respond to cyberattacks, such as advanced persistent threats, in which there’s the need to quickly identify and end any threat. According to McMahon, It would also involve remediation and forensics.
The NSA evaluation process for selecting NSCAP participants involves each security provider making the case for its own capabilities by answering a lot of questions about things such as tools, log collection capabilities, and staff skills, plus providing evidence of work performed in redacted documents. “For incident response, you need to be able to deploy not only in the U.S. but globally,” McMahon notes.
The new NSA program has not yet spelled out the specific NSCAP requirements related to intrusion detection, vulnerability assessment and penetration testing. So far, NSCAP has been largely defined as security assistance as a service rather than deploying security products internally, but that might change. Could NSCAP eventually evolve in some form to become an accreditation needed by vendors to compete in government contracting? It’s unknown, but it turns out to be successful, McMahon says that’s conceivable into the future.