Welcome to the Federal Computer Security Program Managers' Forum ("Forum") website. The Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of computer security information among federal agencies.

The Forum hosts the Federal Agency Security Practices web site, maintains an extensive e-mail list, and holds bi-monthly meetings to discuss current issues and developments of interest to those responsible for protecting sensitive (unclassified) federal systems [except "Warner Amendment" systems, as defined in 44 USC 3502 (2)].

Marianne Swanson of NIST serves as the Chairperson. The Forum is assisted by a Steering Committee, which helps plan meetings by identifying topics and speakers of interest to the members. NIST serves as the secretariat of the Forum, providing necessary administrative and logistical support.

OBJECTIVES of the Forum are:

FORUM MEMBERSHIP

New members are always welcomed! Participation in Forum meetings is open to federal government employees who participate in the management of their organization's computer security program. To join the Forum, please provide your name, title, federal agency, mailing address, telephone, fax and e-mail to Elaine Frye at NIST (fax 301-926-2733 or e-mail at "Elaine.Frye@nist.gov"). There are no membership dues.

POINTS OF CONTACT

Marianne Swanson [marianne.swanson@nist.gov]
Elaine Frye [elaine.frye@nist.gov]

FORUM ACTIVITIES

On May 21, 2002, the National Institute of Standards and Technology (NIST) and the Federal Computer Security Program Managers' Forum sponsored two IT Security Metrics Workshops designed to help Federal personnel with OMB FY 2002 Government Information Security Reform Act (GISRA) draft reporting guidance. Approximately 75 Federal government employees attended these workshops, where they learned to develop IT security metrics that align with NIST Special Publication (SP) 800-26 Self Assessment Guide for Information Technology Systems critical elements.

This document captures the proceedings of these workshops, including the original metrics developed by breakout groups, a critique of each metric developed, and a corresponding ideal metric. The ideal metrics, which were derived from the metrics the workshop participants developed, will be used as examples in the upcoming NIST Special Publication on Development and Implementation of System Security Metrics. The document will expand on the topics presented in the workshop and contain example metrics and implementation guidance for measuring the critical elements contained in NIST Special Publication 800-26, "Security Self-Assessment Guide for Information Technology Systems." The document will be available for public review in September 2002.

A copy of the workshop presentation, a blank Metrics Form, and the workshop proceedings are available for download.

IT Security Metrics Workshop Presentation, Zipped file
Blank Metrics Form, PowerPoint file
IT Security Metrics Workshop Proceedings, .pdf file

Last updated: June 26, 2002
Page created: February 23, 2001