ET+S Consortium - Technology Accreditation Group

The Enterprise Technology + Security (ET+S) Consortium Technology Accreditation (TAC) Group is charged with developing, coordinating, and managing the accreditation programs for applied science and security engineering technology programs relating to cyberspace and cyber technologies.

The ET+S Consortium works with the security vendor community, incorporating key partners, stakeholders, and the TAC Group to ‘stress test’ security technologies, assessing their level of performance, integrity, and quality, and ensuring they keep pace with ever-changing cyber security environments, and remain relevant to industry.

Our Goals:

• Promote national and national security standards for security technology accreditation and regulation to better protect industry as well as public, private, and national security interests relating to cyberspace and technology. This includes vendor certification, registration, and accreditation, as well as professional accountability.
• Provide a world-class model for accreditation of cyberspace security technology programs.
• Meet Annually. TAC Group and its supporting associations meet annually with key stakeholders, public-private partners, government, and academia to communicate findings and preliminary recommendations, as well as to solicit feedback regarding the accreditation of technology programs.

We perform a comprehensive evaluation of the technical and non-technical features of an information security system to determine whether or not the system operates at an acceptable level of [residual] risk, based on the implementation of an approved set of security-related technical, managerial, and procedural safeguards. These safeguards are applied to mitigate and manage risk in a cost-effective manner.

Our evaluation process provides an assessment [of a claim] against defined [information assurance (IA)] criteria set forth by the vendor seeking evaluation and accreditation. We deliver an independent third party review of security technologies, methodologies, and frameworks brought to the Centre for review. We also provide an international dialogue regarding accreditation best practices and reviews.

Components of Accreditation
Accreditation involves three core components: roles, activities, and documentation.

The assessment of a technology relates directly to its particular environment, associated with specific policies and procedures designed to meet a specific mission. It is an approach to managing risk that enables the TAC Group to make an informed decision about using particular information security systems with cost-effective safeguards to accomplish a security mission in a specific environment.