CALIFORNIA NATIONAL CYBER SECURITY PARTNERSHIP TASK FORCE RECOMMENDATIONS National Cyber Security Partnership Makes Recommendations on Cyber Security Technical Standards and Common Criteria
PALO ALTO, Calif.--(BUSINESS WIRE)--April 19, 2004--The National Cyber Security Partnership Task Force on Technical Standards and Common Criteria released a report today recommending strategies to reduce security vulnerabilities through standards-based solutions and enhancements to existing development, deployment, and testing processes.


"The security-worthiness of software is essential to the protection and operation of our nation's critical infrastructure. This report represents an unprecedented effort by vendors, academics and other experts to take a comprehensive look at the issue of technical security standards -- from product configuration and documentation, to deployment, vulnerability testing, certification and maintenance," said Mary Ann Davidson, Chief Security Officer, Oracle Corp., and co-chair of the Task Force on Technical Standards and Common Criteria. "It's clear that to improve the security of deployed software, vendors are going to have to step up and provide customers with 'secure by default' configurations and the tools to continuously validate and maintain security configurations. In addition, the Task Force recommendations will result in the kind of guidance and best practices geared toward making developers, buyers and users of software more security savvy."

"While vendors can and must step up and take responsibility for providing more secure products, the active support of government, user groups and consumers is critical to our success," said Chris Klaus, CTO of Internet Security Systems, and co-chair of the Task Force. "These recommendations require the contribution and action of end-users from support in testing products in 'real world' deployments to demanding their vendors provide more secure products and better documentation. The U.S. Government has a particular role to play by funding research on vulnerability assessment, providing needed resources to NIST, and improving the Common Criteria/NIAP evaluation to make it a viable, value-added process towards increasing security in products throughout our Nation's information infrastructure."

"Our Task Force report reflects the significant progress that can only be made when industry, government and other security experts partner together. Cyber security is a critical shared challenge and one that only shared action can address. We look forward to the community's response to our recommendations and the improvements to the nation's cyber security posture that will result," said Edward Roback, Chief of the Computer Security Division at the National Institute of Standards and Technology (NIST), who serves as the third co-chair of the Task Force.

Task Force members include a range of subject matter experts, including academics, CSOs, federal officials, and industry experts.

Task Force recommendations are targeted for both industry and government adoption and champion better ways of providing, measuring and maintaining security so that consumers can be more informed when they purchase and use software, related security devices, and hardware.

Recommendations focus on:

-- Broadening recognition and adoption of existing standards and best practices;

-- Furthering the use of existing capabilities through common software security configurations;

-- Investing in federal research toward the development of better vulnerability analysis or "code scanning" tools that can identify software defects;

-- Developing guidelines for secure equipment deployment and network architectures; and,

-- Improving the "Common Criteria" process, used by vendors and customers to develop security specifications and conduct security evaluations