For Academia
For Industry
For GovernmentNSA's Information Security (INFOSEC) Assurance Training and Rating Program (IATRP) Program sets the standards for Information Security (INFOSEC) Assurance services through the INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM), classes, trains and certifies individuals in the methodologies, and rates INFOSEC Assurance organizations through the use of a standard metric INFOSEC Assurance - Capability Maturity Model (IA-CMM). NSA then provides this information to consumers so they are better informed when negotiating with INFOSEC Assurance Providers. (Additional information and class schedules may be found on NSA’s supplemental website www.IATRP.com.)
The first step of any successful INFOSEC Assurance Program is the understanding of the missions, critical information supporting the missions, and the information flow throughout the Information Technical (IT) infrastructure. Too many organizations spend tremendous amounts of resources implementing “secure” hardware and software, only to have their information exploited by a lack of proper security procedures.
The National Security Agency developed the IATRP to meet the needs of all potential customers who need INFOSEC Assurance Services. The IATRP is a partnership between NSA and INFOSEC providers (U.S. Government and private sector). The IATRP sets the standard for INFOSEC Assurance Methodology through NSA-sponsored classes. Under the authority from National Security Directive (NSD) 42, and in response to Presidential Decision Directive 63 (PDD 63), dated 22 May 1998, the National Security Agency (NSA) is tasked with raising the Information Security (INFOSEC) Assurance (IA) posture of National Security Systems of U.S. Government agencies and departments. The Memorandum of Understanding (MOU) in place between NSA and the National Institutes of Technology (NIST) also allows NSA to examine non-national security systems as well. To support this task, NSA provides various services to identify and analyze vulnerabilities in operational system/networks. Since NSA has limited resources to meet the ever-growing demand for INFOSEC Assurance services, the INFOSEC Assurance Training and Rating Program (IATRP) was developed as a partnership between NSA and private INFOSEC Assurance Assessment providers. Therefore, NSA has contracted out to private industry to provide these services. (See “Authorized Vendors” at end of page.)
The NSA offers INFOSEC Assessment Methodology (IAM) classes to facilitate the transfer of Government-developed technology in the private sector. The IAM course was originally developed by NSA to train U.S. Department of Defense (DoD) organizations that perform their own INFOSEC Assurance Assessments. NSA has developed specialized knowledge with regard to information assurance systems security assessments through its completion of INFOSEC Assurance Assessments for its U.S. Government customers since 1990. Now these classes are available to all U.S. citizens and companies, U.S. Military, Federal, State and Local Government, health care professionals, banking industry, computer specialists, etc, around the world. The NSA IAM is also taught in several Institutions of Higher Learning across the nation; to list a few, The National Defense University (NDU), The University of Idaho, The University of Fairfax, The University of Colorado, and Nova South-Eastern University’s Graduate School of Computer and Information Sciences. (See “Authorized Vendors” sites at the end of IAM page for class schedule).
The NSA offers INFOSEC Evaluation Methodology (IEM) classes to facilitate the transfer of Government-developed technology into the private sector. The IEM course was developed to assist DoD organizations in Information Security Evaluations; specifically with regard to systems security evaluations through a diagnostic analysis of systems and components for identifying security vulnerabilities and counter measures. Now, these classes are also available to all U.S. citizens around the world. (See “Authorized Vendors” sites at the end of IEM page for class schedule. NSA Point of Contact (POC) may be contacted at IATRP@IATRP.com.)