A central point for collection of information that relates to computer security. Including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels. etc. etc.
NIST Annual Report
June 6, 2011 at 11:02 am #132119
Title: Computer Security Division Annual Report
The Computer Security Division (CSD), a component of NIST’s Information Technology Laboratory (ITL), conducts research, development and outreach necessary to provide standards and guidelines, tools, metrics and practices to protect our nations information and communication infrastructure.
In fiscal year (FY) 2010, CSD continued to build on its work in security management and assurance, cryptography and systems security, identity management and emerging security technologies. CSD played a vital role in both national and international security standard setting. The division continues its leadership role in technologies and standards for Cloud Computing, Identity Management and as a Government Wide Leader and national coordinator for the National Initiative for Cybersecurity Education (NICE). In addition, this year marked the publication of NIST Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Security, which identifies security requirements applicable to the Smart Grid, security-relevant use cases, logical interface diagrams and interface categories, vulnerability classes abstracted from other relevant cyber security documents, specific issues applicable to the Smart Grid, and privacy concerns. We also continued to provide reference specifications in multiple areas, allowing others to leverage our work to increase the security of their systems and products.
Our role as a collaborator for both government and industry is essential for the success of our mission and in FY2010 we continued to reach out to partners across the government, industry and the world. We embraced international cooperation in our SHA-3 competition as we work on a successor to our current governmentapproved hash algorithm. We received reviews from the international cryptographic community that allowed us to narrow down the acceptable candidates from 51 to less than seven. Being able to call on such a deep pool of international expertise will encourage acceptance of the final algorithm and surety with regards to its strength.
Industry represents a key audience and partner in all of our work. The success of the Security Content Automation Protocol (SCAP) program is dependent on our partnership with them. Industry has advised us on the need for the program and its evolution. There was enthusiastic adoption from many industry partners and their continued support has allowed us to move ahead with this program much more quickly than otherwise. As a result of such cooperation, we have created and are maintaining a significant repository of SCAP compliant security checklists for use with an ever-increasing number of security tools.
The responsibilities assigned to NIST, and by extension, CSD in the Federal Information Security Management Act (FISMA) to assist the federal agencies in securing their information systems is a major part of the work that we do. This year marked a historic point in that work with the release of Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. Not only was this a product of the new cooperation between NIST and the entities responsible for the security requirements for national security systems (the Department of Defense, the Director of National Intelligence and the Committee on National Security Systems), but it also presented a completely new approach for federal agencies to take to information security.
Looking forward to FY2011, CSD plans to continue its work in information security, producing standards, guidelines, technical reference materials and specifications to improve the information security management of systems across the Nation and around the world.
You must be logged in to reply to this topic.