Certification Laboratories
There are a variety of governmental and commercial laboratories that provide security certification and assurance services. Examples of such certification entities are the U.S Army's CECOM Life Cycle Management Command (CECOM LCMC) Software Engineering Center (SEC), SAIC, and the International Computer Security Association (ICSA) Laboratories. The functions of these laboratories are discussed in the following sections. Additional types of certification laboratories are discussed later in this chapter under Certification Types.
The Software Engineering Center Software Assurance Laboratory
The mission of the SEC Software Assurance Laboratory (SWAL) (www.sec.army.mil/secweb/facilities_labs/swal.php) is “Providing CECOM LCMC and DoD with software assessment services to ensure software quality throughout its life cycle.” A major function of SWAL is to provide certification and accreditation services to DoD and U.S. Army program executive offices, project management offices, and life cycle management commands under the DoD DIACAP. Relative to DIACP, SWAL provides the following services:
- Prepare IA certification validation plans as part of the DIACAP Implementation Plan (DIP) in accordance with the DIACAP validation requirements and methods.
- Conduct validation of IA controls.
- Prepare IA validation Artifact.
- Prepare IA Scorecards.
- Prepare IA Risk assessment artifacts from the IA validation findings.
- Provide the IA Scorecard and supporting artifacts to the CA ...
Get Web Commerce Security Design and Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
