Fact Sheet NSTISSP No. 11, Revised Fact Sheet National Information Assurance Acquisition Policy [open pdf - 152KB]
"National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11, Subject: National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology (IT) Products was issued by the National Security Telecommunications and Information Systems Security Committee (NSTISSC), now known as the Committee on National Security Systems (CNSS), in January 2000 and revised in June 2003. The Committee was established by National Security Directive (NSD) No. 42, dated July 1990, and is responsible for developing and promulgating national policies applicable to the security of national security telecommunications and information systems. The technological advances and threats of the past decade have drastically changed the way we think about protecting our communications and communications systems. Three factors are of particular significance: - The need for protection encompasses more than just confidentiality; - Commercial Off-the-Shelf (COTS) security and security-enabled IA products are readily available as alternatives to traditional NSA-developed and produced communications security equipment (i.e., Government-Off-the Shelf (GOTS) products); and - An increased and continuing recognition that the need for IA transcends more than just the traditional national security applications of the past."
NSTISSP No. 11, Revised Fact Sheet
Committee on National Security Systems: http://www.cnss.gov/