maxoidos - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can the NSCAP improve enterprise security with the CIRA certification?

Expert Nick Lewis discusses the Cyber Incident Response Assistance certification from the NSA's National Security Cyber Assistance Program and what the accreditation means for an enterprise.

I just read that the first companies have been given Cyber Incident Response Assistance (CIRA) accreditation by the National Security Cyber Assistance Program (NSCAP). What is this program, and do certified organizations have more to offer than organizations that are not given the NSA's blessing?

While most people are aware of certain areas of the NSA, one of the lesser-known areas is the Information Assurance Directorate (IAD). The IAD is tasked with developing "mission-enhancing information assurance technologies, products and services that enable customers and clients to secure operational information and information systems." It developed SELinux along with other tools to improve "confidence in cyberspace."

One of the strategic initiatives of the IAD is the National Security Cyber Assistance Program, or NSCAP. This initiative created the Cyber Incident Response Assistance, or CIRA, accreditation, which leverages experience in the industry to improve incident response. It was designed to "meet the growing needs of the U.S. Government, supplementing the incident response and intrusion detection services that the NSA/IAD provides." Its main goal is "to identify companies qualified to provide rapid, on-site support to National Security Systems owner and operators in incident response and intrusion detection."

In May 2014, the IAD announced that seven companies were granted CIRA accreditation.

The information security industry has no shortages of certifications, security standards or approval programs. For example, the U.S. Federal Government has FEDRAMP, a cloud service provider approval program that relies on FISMA, and the General Services Administration has an approved full-disk encryption software list relying on NIST standards. Each is a component of an overall information security program, and adding in a new accreditation for incident response could certainly help form that overall program.

To become CIRA accredited, a company must be reviewed in 21 focused areas of incident response -- such as communications, data collection, incident analysis and reporting -- and deliver consistent services.

The high quality and consistent incident response processes associated with CIRA accreditation could make it a certification enterprises may want to strive to achieve, especially for organizations where incident response processes, communications and reporting are extremely important.

The accreditation also encourages enterprises and government agencies to choose an incident response service provider prior to an incident to ensure high quality and consistent incident response results when needed.

Ask the Expert!
Have a question about enterprise threats? Send it via email today! (All questions are anonymous.)

Next Steps

Learn more about security incident response planning.

This was last published in March 2015

Dig Deeper on Information Security Incident Response-Information