| Abstract |
The Information Assurance Technical Framework (IATF) document, Release 3.1, provides technical guidance for protecting the information infrastructures of the United States (U.S.) Government and industry. The information infrastructure processes, stores, and transmits information critical to the mission and business operations of an organization. This information is protected through information assurance (IA) that addresses all the security requirements of today's information infrastructure. IA relies on people, operations, and technology to accomplish the mission/business and to manage the information infrastructure. Attaining robust IA means implementing policies, procedures, techniques, and mechanisms at all layers of the organization's information infrastructure. The IATF defines the information system security engineering (ISSE) process for developing a secure system. This process defines the principles, the activities, and the relationship to other processes. Applying these principles results in layers of protection known collectively as the Defense-in-Depth Strategy. The four major technology focus areas of the Defense-in-Depth Strategy are to Defend the Network and Infrastructure, Defend the Enclave Boundary, Defend the Computing Environment, and Defend Supporting Infrastructures. The Defense-in-Depth Strategy has been broadly adopted. For example, within the U.S. Department of Defense (DoD), the Global Information Grid (GIG) IA Policy and Implementation Guidance was built around the strategy. This departmental-level policy document cites the IATF as a source of information on technical solutions and guidance for the DoD IA implementation. |
