WASHINGTON -- Application Security, Inc. (AppSecInc) (www.appsecinc.com
These requirements are at least in part a response to the ongoing security breach epidemic -- since February 2005, more than 83 million Americans have had their personal information compromised. Whether the result of human error, insider espionage, or external attacks, no sector has been spared by these breaches, including government agencies. And for government organizations, the impact of these compromises ranges from the disruption of operations, to embarrassing disclosures, to national security risks.
In response to this epidemic, the Defense Information Service Agency (DISA) recently established a new set of security guidelines specific to databases. The Database Security Technical Implementation Guide (STIG) identifies known security vulnerabilities, configuration items, and other issues that must be addressed under the authority of DoD. For instance, Directive 8500.1 mandates that "all information assurance (IA) and IA-enabled IT products incorporated into DoD information systems shall be configured in accordance with DoD approved security configuration guidelines."