go to NIST home page go to CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home page CSRC home page link
header image with links

 CSRC Homepage
 
 CSRC Site Map

   Search CSRC:
 
 

 CSD Publications:
   - Special Publications
   - FIPS Pubs
   - ITL Security Bulletins
   - NIST IRs

 CSD Focus Areas:
   - Cryptographic Standards
       & Application
   - Security Testing
   - Security Research /
       Emerging Technologies
   - Security Management
       & Guidance
   - Outreach Awareness
       & Education
   - FISMA Implementation
       Project

 General Information:
   - Site Map
   - List of Acronyms
    - Archived Projects
        & Conferences
   - Virus Information
   - ICAT Alerts

 News & Events  
   - Federal News
   - Security Events

 Services For the: 
   - Federal Community
   - Vendor
   - User

 Links & Organizations
   - Academic
   - Government
   - Professional
   - Additional Links

 Search NIST's ICAT
 Vulnerability Archive:
   Enter vendor, software, or keyword
   
   
Federal Computer Security Program Managers' Forum Header image

Welcome to the Federal Computer Security Program Managers' Forum ("Forum") website. The Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of computer security information among federal agencies. The Forum hosts the Federal Agency Security Practices web site, maintains an extensive e-mail list, and holds bi-monthly meetings to discusses current issues and developments of interest to those responsible for protecting sensitive (unclassified) federal systems [except "Warner Amendment" systems, as defined in 44 USC 3502 (2)]. Marianne Swanson of NIST serves as the Chairperson. The Forum is assisted by a Steering Committee, which helps plan meetings by identifying topics and speakers of interest to the members. NIST serves as the secretariat of the Forum, providing necessary administrative and logistical support.  

OBJECTIVES of the Forum are:

  • to provide an ongoing opportunity for managers of federal computer security programs to exchange computer security materials and information of use to other programs in a timely manner, build upon the experiences of other programs, and reduce possible duplication of effort;

  • to provide an organizational mechanism for NIST to exchange information directly with federal agency computer security program managers in fulfillment of its leadership mandate under the Computer Security Act of 1987;

  • to establish and maintain relationships with other individuals or organizations that are actively addressing computer security issues within the federal government; and

  • to establish and maintain a strong proactive stance identifying and resolving strategic and tactical computer security issues involved in the development and application of new and emerging information technologies.

FORUM MEMBERSHIP

New members are always welcomed! Participation in Forum meetings is open to federal government employees who participate in the management of their organization's computer security program. To join the Forum, please provide your name, title, federal agency, mailing address, telephone, fax and e-mail to Elaine Frye at NIST (fax 301-926-2733 or e-mail at "Elaine.Frye@nist.gov"). There are no membership dues.

POINTS OF CONTACT

Marianne Swanson [marianne.swanson@nist.gov]

Elaine Frye [elaine.frye@nist.gov]

FORUM ACTIVITIES

On May 21, 2002, the National Institute of Standards and Technology (NIST) and the Federal Computer Security Program Managers' Forum sponsored two IT Security Metrics Workshops designed to help Federal personnel with OMB FY 2002 Government Information Security Reform Act (GISRA) draft reporting guidance. Approximately 75 Federal government employees attended these workshops, where they learned to develop IT security metrics that align with NIST Special Publication (SP) 800-26 Self Assessment Guide for Information Technology Systems critical elements. This document captures the proceedings of these workshops, including the original metrics developed by breakout groups, a critique of each metric developed, and a corresponding ideal metric.

The ideal metrics, which were derived from the metrics the workshop participants developed, will be used as examples in the upcoming NIST Special Publication on Development and Implementation of System Security Metrics. The document will expand on the topics presented in the workshop and contain example metrics and implementation guidance for measuring the critical elements contained in NIST Special Publication 800-26, "Security Self-Assessment Guide for Information Technology Systems." The document will be available for public review in September 2002. A copy of the workshop presentation, a blank Metrics Form, and the workshop proceedings are available for download.

IT Security Metrics Workshop Presentation, Zipped file

Blank Metrics Form, Powerpoint file

IT Security Metrics Workshop Proceedings, .pdf file

 

Top of Page | Back to Organization Page | CSRC Home Page

 :
Last updated: June 26, 2002
Page created: February 23, 2001
Disclaimer Notice & Privacy Statement / Security Notice
Send comments or suggestions to webmaster-csrc@nist.gov
NIST is an Agency of the U.S. Commerce Department's Technology Administration