ISO/IEC 27000, ISO 15408 and the DSS security clearance (FCL) -- Oh, My



My boss asked me to research the requirements to become a facility with DSS security clearance (FCL). It looks as if, just this past Monday, things took a turn for the NIST--as in new IS protocols for all DSS security clearance sites.

I'm posting here because NIST is using ISO/IEC 27001 and ISO 15408 (Common Criteria) as models for its new Risk Management Framework approach.

Have any of you encountered this yet? The website ( says that current sites with clearance have 6 months to get their IS systems to the new standard. Are you ready? Is it a minor change for you?

This would be our first time working for FCL, and while our IS is relatively secure for non-cleared work, I'm trying to assess how much we'll have to change for classified work. NIST 800 looks really complicated, but since I haven't been in the system, I don't know if you're working with structures that are already set up, etc.

Anyway, really, any feedback you have on FCL and IS clearance would be welcome. Thanks for taking the time to read this!