|
CSRC
Homepage
CSRC Site Map
Search
CSRC:
CSD
Publications:
- Special
Publications
- FIPS Pubs
- ITL Security
Bulletins
- NIST IRs
CSD
Focus Areas:
- Cryptographic Standards
& Application
- Security Testing
- Security Research
/
Emerging
Technologies
- Security Management
&
Guidance
- Outreach Awareness
&
Education
- FISMA Implementation
Project
General
Information:
- Site
Map
- List of Acronyms
- Archived
Projects
&
Conferences
- Virus Information
- ICAT Alerts
Search
NIST's ICAT
Vulnerability Archive:
|
|
Our Division's
activities are focused into the following six areas:
1. Cryptographic Standards and Applications
2. Security Testing
3. Security Research / Emerging Technologies
4. Security Management and Guidance
5. Outreach, Awareness and Education
6. FISMA Implementation Project
If you do
not find the focus area that you are looking for, please either visit
our CSRC Site Map or perform a search
using the CSRC search engine (left menu bar area).
Cryptographic
Standards and Applications
Focus is on
developing cryptographic methods for protecting the integrity, confidentiality,
and authenticity of information resources; and addresses such technical
areas as: secret and public key cryptographic techniques, advanced authentication
systems, cryptographic protocols and interfaces, public key certificate
management, smart tokens, cryptographic key escrowing, and security architectures.
Helps enable widespread implementation of cryptographic services in applications
and the national infrastructure.
The Security Technology Group is principally responsible for this focus
area.
Security
Testing
Focus is on
working with government and industry to establish more secure systems
and networks by developing, managing and promoting security assessment
tools, techniques, services, and supporting programs for testing, evaluation
and validation; and addresses such areas as: development and maintenance
of security metrics, security evaluation criteria and evaluation methodologies,
tests and test methods; security-specific criteria for laboratory accreditation;
guidance on the use of evaluated and tested products; research to address
assurance methods and system-wide security and assessment methodologies;
security protocol validation activities; and appropriate coordination
with assessment-related activities of voluntary industry standards bodies
and other assessment regimes.
The Security Testing and Metrics Group is principally responsible for
this focus area.
Security
Research / Emerging Technologies
Focus is on
research necessary to understand and enhance the security utility of new
technologies while also working to identify and mitigate vulnerabilities.
Addresses such technical areas as: advanced countermeasures such as intrusion
detection, firewalls, and scanning tools; security testbeds, vulnerability
analysis/mitigation, access control, incident response, active code, and
Internet security.
The Systems and Network Security Group is principally responsible for
this focus area.
Security
Management and Guidance
Focus is on
developing security management guidance, addressing such areas as: risk
management, security program management, training and awareness, contingency
planning, personnel security, administrative measures, and procurement
and in facilitating security and the implementation of such guidance in
Federal agencies via management and operation of the Computer Security
Expert Assist Team.
The Security Management and Guidance Group is principally responsible
for this focus area.
Outreach,
Awareness and Education
Focus is on
activities to support wider awareness of the importance and need for IT
security, promoting the understanding of IT security vulnerabilities and
corrective measures, and in facilitating greater awareness of the Division's
programs and projects.
This focus area is supported by all components of the Division.
FISMA
Implementation Project
The E-Government
Act (Public Law 107-347) passed by the 107th Congress and signed into
law by the President in December 2002 recognized the importance of information
security to the economic and national security interests of the United
States. Title III of the E-Government Act, entitled the Federal Information
Security Management Act (FISMA), requires each federal agency to develop,
document, and implement an agency-wide program to provide information
security for the information and information systems that support the
operations and assets of the agency, including those provided or managed
by another agency, contractor, or other source.
Last updated:
October 14, 2004
Page created: January 5, 1999
|