Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

I am a government product program manager building a system comprising numerous IA/IA-enabled COTS products that will be purchased by government customers for use in their systems. How does NSTISSP #11 apply to my program?

0
Posted

I am a government product program manager building a system comprising numerous IA/IA-enabled COTS products that will be purchased by government customers for use in their systems. How does NSTISSP #11 apply to my program?

0

How NSTISSP #11 applies depends heavily on whether the resultant system is considered a COTS or GOTS product. GOTS products must be evaluated by NSA or in accordance to an NSA-approved process. However if it is a COTS oriented solution, much depends on how it is going to be distributed. 1. If distribution is through a single office that negotiates price and product (e.g., an ID/IQ agreement), whether NSTISSP #11 COTS testing is required will be based on when price and product are agreed upon. If it is agreed upon before July 1, 2002, no NSTISSP #11 COTS testing is required. If it is agreed upon after July 1, 2002, NSTISSP #11 COTS testing is required. 2. If distribution is through a contractor that deals directly with each customer (with the contractor in control of price and distribution), whether NSTISSP #11 COTS testing required will be based upon when the price and product is agreed upon by each individual customer attempting to purchase the product. Products sold before July 1, 20

Related Questions

Thanksgiving questions

*Sadly, we had to bring back ads too. Hopefully more targeted.