CSRC Homepage
 
 CSRC Site Map

 CSD Publications:
   - Special Publications
   - FIPS Pubs
   - ITL Security Bulletins
   - NIST IRs

 CSD Focus Areas:
   - Cryptographic Standards
       & Application
   - Security Testing
   - Security Research /
       Emerging Technologies
   - Security Management
       & Guidance
   - Outreach Awareness
       & Education
   - FISMA Implementation
       Project

 General Information:
   - Site Map
   - List of Acronyms
   - Archived Projects
        & Conferences
   - Virus Information
   - ICAT Alerts

Our Division's activities are focused into the following six areas:
  1. Cryptographic Standards and Applications
  2. Security Testing
  3. Security Research / Emerging Technologies
  4. Security Management and Guidance
  5. Outreach, Awareness and Education
  6. FISMA Implementation Project

If you do not find the focus area that you are looking for, please either visit our CSRC Site Map or perform a search using the CSRC search engine (left menu bar area).

Cryptographic Standards and Applications
Focus is on developing cryptographic methods for protecting the integrity, confidentiality, and authenticity of information resources; and addresses such technical areas as: secret and public key cryptographic techniques, advanced authentication systems, cryptographic protocols and interfaces, public key certificate management, smart tokens, cryptographic key escrowing, and security architectures. Helps enable widespread implementation of cryptographic services in applications and the national infrastructure.
The Security Technology Group is principally responsible for this focus area.

• Advanced Encryption Standard (AES)
• Cryptographic Standards Toolkit
• Encryption Key Recovery and S/MIME
• Public Key Infrastructure (PKI)

Security Testing
Focus is on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation; and addresses such areas as: development and maintenance of security metrics, security evaluation criteria and evaluation methodologies, tests and test methods; security-specific criteria for laboratory accreditation; guidance on the use of evaluated and tested products; research to address assurance methods and system-wide security and assessment methodologies; security protocol validation activities; and appropriate coordination with assessment-related activities of voluntary industry standards bodies and other assessment regimes.
The Security Testing and Metrics Group is principally responsible for this focus area.

• Cryptographic Module Validation Program (CMVP)
• IPSec
• National Information Assurance Partnership (NIAP)

Security Research / Emerging Technologies
Focus is on research necessary to understand and enhance the security utility of new technologies while also working to identify and mitigate vulnerabilities. Addresses such technical areas as: advanced countermeasures such as intrusion detection, firewalls, and scanning tools; security testbeds, vulnerability analysis/mitigation, access control, incident response, active code, and Internet security.
The Systems and Network Security Group is principally responsible for this focus area.

• Authorization Management and Advanced Access Control Models (AM&AACM) formerly known as Role Based Access Control (RBAC)
• Critical Infrastructure Grants Program
• IPSec
• Mobile Agent Intrusion Detection and Security (MAIDS)
• Smart Card Security and Research
• Wireless Security

Security Management and Guidance
Focus is on developing security management guidance, addressing such areas as: risk management, security program management, training and awareness, contingency planning, personnel security, administrative measures, and procurement and in facilitating security and the implementation of such guidance in Federal agencies via management and operation of the Computer Security Expert Assist Team.
The Security Management and Guidance Group is principally responsible for this focus area.

• Computer Security Guidance (publications)
• Information Security Within the System Development Life Cycle (SDLC)
• Policies (Federal Requirements)
• Program Review for Information Security Management Assistance (PRISMA)

Outreach, Awareness and Education
Focus is on activities to support wider awareness of the importance and need for IT security, promoting the understanding of IT security vulnerabilities and corrective measures, and in facilitating greater awareness of the Division's programs and projects.
This focus area is supported by all components of the Division.

• Awareness, Training and Education (ATE)
• Computer Security Resource Center (CSRC)
• Federal Computer Security Program Managers' Forum
• Federal Information Systems Security Educators' Association (FISSEA)
• Information Security and Privacy Advisory Board (ISPAB)
• Small Business Computer Security Workshops and Regional Security Awareness Meetings
• Small Business Corner (SBC)

FISMA Implementation Project
The E-Government Act (Public Law 107-347) passed by the 107th Congress and signed into law by the President in December 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

• Federal Information Security Management Act (FISMA) Implementation Project