maxoidos - Fotolia
I just read that the first companies have been given Cyber Incident Response Assistance (CIRA) accreditation by the National Security Cyber Assistance Program (NSCAP). What is this program, and do certified organizations have more to offer than organizations that are not given the NSA's blessing?
While most people are aware of certain areas of the NSA, one of the lesser-known areas is the Information Assurance Directorate (IAD). The IAD is tasked with developing "mission-enhancing information assurance technologies, products and services that enable customers and clients to secure operational information and information systems." It developed SELinux along with other tools to improve "confidence in cyberspace."
One of the strategic initiatives of the IAD is the National Security Cyber Assistance Program, or NSCAP. This initiative created the Cyber Incident Response Assistance, or CIRA, accreditation, which leverages experience in the industry to improve incident response. It was designed to "meet the growing needs of the U.S. Government, supplementing the incident response and intrusion detection services that the NSA/IAD provides." Its main goal is "to identify companies qualified to provide rapid, on-site support to National Security Systems owner and operators in incident response and intrusion detection."
In May 2014, the IAD announced that seven companies were granted CIRA accreditation.
The information security industry has no shortages of certifications, security standards or approval programs. For example, the U.S. Federal Government has FEDRAMP, a cloud service provider approval program that relies on FISMA, and the General Services Administration has an approved full-disk encryption software list relying on NIST standards. Each is a component of an overall information security program, and adding in a new accreditation for incident response could certainly help form that overall program.
To become CIRA accredited, a company must be reviewed in 21 focused areas of incident response -- such as communications, data collection, incident analysis and reporting -- and deliver consistent services.
The high quality and consistent incident response processes associated with CIRA accreditation could make it a certification enterprises may want to strive to achieve, especially for organizations where incident response processes, communications and reporting are extremely important.
The accreditation also encourages enterprises and government agencies to choose an incident response service provider prior to an incident to ensure high quality and consistent incident response results when needed.
Ask the Expert!
Have a question about enterprise threats? Send it via email today! (All questions are anonymous.)
Learn more about security incident response planning.
Dig Deeper on Information Security Incident Response-Information
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading