Defense in depth is the application of multiple layers of protection wherein a subsequent layer will provide protection if a previous layer is breached.
The Information Assurance Technical Framework Forum (IATFF), an organization sponsored by the National Security Agency (NSA), has produced a document entitled the “Information Assurance Technical Framework” (IATF) that provides excellent guidance on the defense-in-depth concepts.
The IATFF encourages and supports technical interchanges on the topic of information assurance among U.S. industry, U.S. academic institutions, and U.S. government agencies. Information on the IATFF document can be found at the website http://www.iad.gov/library/iacf.cfm.
The IATF document 3.110 stresses the importance of the people involved, the operations required, and the technology needed to provide information assurance and to meet the organization's mission.
The defense-in-depth strategy as defined in IATF document 3.1 promotes application of the following information assurance principles: