Tuesday, October 19: 3:30--5:00
Kennedy Jefferson Room
Chair
The National Security Agency (NSA) has been involved in efforts to help customers judge the full spectrum of Information Systems Security (INFOSEC) products, systems, and services while possibly minimizing the expense and time involved in the current evaluation/certification processes. One effort that NSA sponsored was the development of a Capability Maturity Model (CMM) for security engineering.
NSA began the effort to develop a CMM for security engineering in 1993,
in the hope that the security engineering community would become involved
to help define the criteria against which they might be assessed in the
future. Learning from the past, NSA believed this approach would
be more successful and accepted than if NSA were to issue it as a requirement.
Over 50 government, industry, and academic organizations developed the
Systems Security Engineering Capability Maturity Model (SSE-CMM) and its
appraisal methodology. This panel will address a few of the ways
that the United States Government is using the SSE-CMM.
Mr. James P. Craft is the Information Systems Security Officer and Information Systems Security Program Manager for the United States Agency for International Development. In this capacity, Mr. Craft has led the development of the Model Information Systems Security Program (MISSP).
Mr. Craft has more than nineteen years of experience in the areas of systems and security engineering; operations and strategic planning; telecommunications; Test, Training, and Exercise (TT&E); organizational analysis; and management. This experience has, for the last fifteen years, primarily centered on systems engineering, information security, and operations in large MIS/EIS systems with specialized applications operating across multimedia LAN/WANs. Mr. Craft served as a communications officer in the United States Marine Corps, and worked for the firms of BETAC, Booz-Allen & Hamilton, and Systems Research and Applications International prior to his appointment to USAID. Mr. Craft has served on the Steering Committee, Author Group, and Applications Group for the SSE-CMM. Mr. Craft also assisted the Presidential Commission on Critical Infrastructure Protection in developing a comprehensive summary of threats and impacts to the national and global information infrastructure.
Mr. Craft is a speaker and published writer who has written issue papers,
policy papers, technical papers, SOPs, studies, manuals, and other analyses.
As a government contractor, Mr. Craft has worked with and supported Information
Technology and security programs of the NSC, NSA, NCS, DOD, DOJ, FBI, USSS,
Department of State, GSA, NIST, DOE, Department of Treasury, and other
Federal organizations. Mr. Craft has also supported private organizations
including law firms, banks, stock exchanges, and energy and other firms.
Mr. Craft received a B.S. in Management from George Mason University in
1978.
Mr. Craft is a Certified Information Systems Security Professional
as determined by the International Information Systems Security Certification
Consortium.