NIST's Role in Computer Security
Ed Roback, Computer Security Division, NIST Information Technology Laboratory
November 9, 1999

Agenda
- Who we are
- Computer security program
- NIST partnerships
- Summary

Information Technology Laboratory: Promote the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure for information technology
Divisions:
- Advanced Network Technologies
- Computer Security
- Distributed Computing and Information Services
- High Performance Systems and Services
- Information Access and User Interfaces
- Mathematical and Computational Sciences
- Software Diagnostics and Conformance Testing
- Statistical Engineering

NIST Mandate for Computer Security
- Develop standards and guidelines for the Federal government
- Improve the competitiveness of the American IT industry

Computer Security Division Mission
To improve the state-of-the-art in information security through:
- Awareness: of IT vulnerabilities and protection requirements
- Standards, Metrics, Tests: to promote, measure, and validate security improvements and enable confidence for marketplace transactions and minimum standards for Federal systems
- Guidance: to increase effective security planning and implementation of cost-effective security in Federal systems

Security Program Strategy
- Collaboration with industry and government
  - Work to develop IT specifications and conformance tests to promote secure, interoperable products and systems
  - Develop standards in cooperation with industry and voluntary consensus standards bodies to promote and protect USG and IT industry interests
- Acting as "honest broker"

Security Program Strategy (Concluded)
- Focus on improving the security of products and systems
  - Develop standards for secure, interoperable products
  - Validate conformance of commercial products to selected Federal Information Processing Standards (FIPS)
  - Perform research and conduct studies to identify vulnerabilities and devise solutions
  - Develop new test methods and procedures that will make testing of security requirements/specifications more efficient and cost effective

Key Components of NIST's Computer Security Program
- Security standards development
- Security testing
- Exploring new security technologies
- Assistance and guidance

Security Standards Development
- Work with industry and government to develop standards for computer security
  - Cryptography
  - Policies, management, and operational controls
  - Best practices
  - Common Criteria
  - Public Key Infrastructure (PKI)

Key Efforts -- Standards
- AES: Advanced Encryption Standard
- FIPS 46-3: Triple Data Encryption Standard (DES)
- DSS Upgrade: to include RSA, Elliptic Curve
- SHA-2: Upgrade of SHA-1
- FIPS 140-2: Upgrade of
- X9.82: Random Number Generator
- Key Exchange: Key Exchange/Agreement Standard(s)
- ISO 15408: Common Criteria v.2
- IETF: PKIX, IPSec, DNSSec, etc.
- ISO 15292/15446: Protection Profile Registration and Development Guidance
- FIPA: Foundation for Intelligent Physical Agents
- PKI: Security Requirements for Certificate Issuing and Management Components (CIMCs)

Security Testing
- Develop the tests, tools, profiles, methods, and implementations for timely, cost-effective evaluation and testing
- Validation
  - Cryptographic Module Validation Program (CMVP)
  - National Information Assurance Partnership (NIAP)
- Conformance and interoperability testing
  - MISPC
  - IPv6 test resource

Key Efforts -- Testing
- Crypto Module Validation Program
- Algorithm Testing
- Random Number Generator Testing
- MISPC Testing
- Certificate Authority Testing
- Firewall Security & Evaluation Tests
- Telecommunications Switch Security
- Protection Profile Testing
- Automated Test Development/Generation
- Common Criteria Evaluation and Validation Scheme
- Laboratory Accreditation

Exploring New Security Technologies
- Identify and use emerging technologies, especially infrastructure niches
- Develop prototypes, reference implementations, and demonstrations
- Transition new technology and tools to public & private sectors
- Advise Federal agencies

Key Efforts -- New Technologies
- Role-Based Access Control
- Policy Management
- Intrusion Detection
- Mobile Agents
- Automated Security Test Generation
- IPSec/web interface testing
- Security Service Interfaces

Assistance and Guidance
- Assist U.S. Government agencies and other users with technical security and management issues
- Assist in development of security infrastructures
- Develop or point to cost-effective security guidance
- Actively transfer security technology and guidance from NIST to agencies/industry
- Support agencies on specific security projects on a cost-reimbursable basis

Key Efforts -- Assistance and Guidance
- NIST Special Publications:
  - 800-18, "Guide for Developing Security Plans for Information Technology Systems"
  - 800-16, "Information Technology Security Training Requirements"
  - "Guideline for Implementing Cryptography in the Federal Government" (Forthcoming)
  - "Security Incident Handling -- A Cooperative Approach"
- ITL Bulletins (1999):
  - November: Intrusion Detection
  - September: Securing Web Servers
  - August: The Advanced Encryption Standard: A Status Report
  - May: Computer Attacks: What They Are and How to Defend Against Them

In carrying out NIST's programs, we don't work alone...

NIST Outreach
Partners span the IT industry, Federal agencies, the standards community, academia, and testing labs. Groups and activities shown on the slide:
- ACM Workshops on Access Control (NIST is a Steering Committee member)
- Agency Assistance
- Federal Computer Security Training Resource Center
- Best Practice Task Force
- CIO Council Security, Privacy & Critical Infrastructure
- Computer System Security & Privacy Advisory Board (CSSPAB)
- Critical Infrastructure Protection
- Critical Infrastructure Coordination Group
- Department of Justice Executive Advisory Team
- Director Forum of CIO Council
- DoC/CIO Contingency Planning Affinity Group
- Education & Awareness Committee
- FedCIRC Partners
- Federal Computer Security Program Managers' Forum
- Federal Information Systems Security Educators' Association (FISSEA)
- Federal Public Key Infrastructure Steering Committee & Subgroups
- Federal Public Key Infrastructure Technical Working Group
- Forum for Privacy & Security in Healthcare
- High Performance Computing and Communications
- Information Industry Group
- INFOSEC Research Council
- National Colloquium for Information Systems Security Education (NCISSE)
- National Science Foundation Career Proposal Review Panel
- National Security Telecommunications & Information Systems Security Committee (NSTISSC)
- Network Security Information Exchange
- NIST-NSA Technical Working Group
- Open Source Security Working Group
- Smart Card Security Users Group
- American Bar Association Information Security Committee
- Common Criteria Mutual Recognition Arrangement Management Committee
- National Committee for Information Technology Standards, Technical Committee T3-Open Distributed Processing
- ANSI-NCITS T4 Computer Security
- ANSI Accredited Standards Committee X9F3; ANSI X9F, X9F1, X9F3
- ANSI X9.82 Random Number Generation Standard
- IETF S/MIME V3 Working Group
- IETF Public Key Infrastructure Working Group (PKIX)
- IETF Internet Protocol Security (IPSEC), Internet Protocol Secure Policy (IPSP), Internet Protocol Secure Remote Access (IPSRA)
- ISO/International Electrotechnical Commission Joint Technical Committee 1 (ISO/IEC JTC 1)
- ISO JTC 1 SC27 Computer Security
- Testing labs: CEAL, a Cygnacom Solutions Laboratory; DOMUS IT Security Laboratory, a Division of LGS Group, Inc.; InfoGard Laboratories, Inc.

How we improve security through standards and testing
Key Theme: Improving Security Products

The standards-and-testing cycle:
1. Identify needs for security standards (industry and government)
2. Develop security standards
3. Test products against security standards
4. Vendors improve products
5. Users get more secure products
Therefore... Security is Improved!

Summary & Conclusions
NIST is improving security by:
- Raising awareness of the need for cost-effective security
- Engaging in key U.S. voluntary standards activities
- Developing standards and guidelines to secure Federal systems (often adopted voluntarily by the private sector)
  - Cryptographic algorithms
  - Policy, management, operations, and best practices guidance
  - PKI
- Providing a National leadership role for security testing and evaluation
  - Cryptographic Module Validation Program
  - National Information Assurance Partnership

Yet, there is more we could do...

President's 9/99 Proposal for Increasing NIST CIP Activities
- Establish an Expert Review Team at NIST
  - Assist agencies Government-wide in adhering to Federal computer security requirements
  - Director to consult with OMB and NSC on plans to protect and enhance computer security for Federal agencies
- Fund a permanent 15-member team responsible for
  - Helping agencies identify vulnerabilities
  - Planning secure systems and implementing CIP plans

President's 9/99 Proposal for Increasing NIST CIP Activities (Concluded)
- Establish an operational fund at NIST for computer security projects among Federal agencies
  - Independent vulnerability assessments
  - Computer intrusion drills
  - Emergency funds to cover security fixes for systems identified to have unacceptable security risks

Questions?