
NIST's Role in Computer Security
Ed Roback, Computer Security Division, NIST Information Technology Laboratory
November 9, 1999



Presentation transcript:

Slide 1: NIST's Role in Computer Security (title slide)
Ed Roback, Computer Security Division, NIST Information Technology Laboratory

Slide 2: Agenda
- Who we are
- Computer security program
- NIST partnerships
- Summary

Slide 3: (no transcript text on this slide)

Slide 4: Information Technology Laboratory
Promote the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure for information technology.
- Advanced Network Technologies
- Computer Security
- Distributed Computing and Information Services
- High Performance Systems and Services
- Information Access and User Interfaces
- Mathematical and Computational Sciences
- Software Diagnostics and Conformance Testing
- Statistical Engineering

Slide 5: NIST Mandate for Computer Security
- Develop standards and guidelines for the Federal government
- Improve the competitiveness of the American IT industry

Slide 6: Computer Security Division Mission
To improve the state of the art in information security through:
- Awareness: of IT vulnerabilities and protection requirements
- Standards, Metrics, Tests: to promote, measure, and validate security improvements, and to enable confidence for marketplace transactions and minimum standards for Federal systems
- Guidance: to increase effective security planning and implementation of cost-effective security in Federal systems

Slide 7: Agenda
- Who we are
- Computer security program
- NIST partnerships
- Summary

Slide 8: Security Program Strategy
- Collaboration with industry and government
  - Work to develop IT specifications and conformance tests to promote secure, interoperable products and systems
  - Develop standards in cooperation with industry and voluntary consensus standards bodies to promote and protect USG and IT industry interests
- Acting as "honest broker"

Slide 9: Security Program Strategy (Concluded)
- Focus on improving the security of products and systems
  - Develop standards for secure, interoperable products
  - Validate conformance of commercial products to selected Federal Information Processing Standards (FIPS)
  - Perform research and conduct studies to identify vulnerabilities and devise solutions
  - Develop new test methods and procedures that will make testing of security requirements/specifications more efficient and cost-effective

Slide 10: Key Components of NIST's Computer Security Program
- Security standards development
- Security testing
- Exploring new security technologies
- Assistance and guidance

Slide 11: Security Standards Development
- Work with industry and government to develop standards for computer security
  - Cryptography
  - Policies, management, and operational controls
  - Best practices
  - Common Criteria
  - Public Key Infrastructure (PKI)

Slide 12: Key Efforts -- Standards
- AES: Advanced Encryption Standard
- FIPS 46-3: Triple Data Encryption Standard (DES)
- DSS Upgrade: to include RSA, Elliptic Curve
- SHA-2: Upgrade of SHA-1
- FIPS 140-2: Upgrade of 140-1
- X9.82: Random Number Generator
- Key Exchange: Key Exchange/Agreement Standard(s)
- ISO 15408: Common Criteria v.2
- IETF: PKIX, IPSec, DNSSec, etc.
- ISO 15292/15446: Protection Profile Registration and Development Guidance
- FIPA: Foundation for Intelligent Physical Agents
- PKI: Security Requirements for Certificate Issuing and Management Components (CIMCs)

Slide 13: Security Testing
- Develop the tests, tools, profiles, methods, and implementations for timely, cost-effective evaluation and testing
- Validation
  - Cryptographic Module Validation Program (CMVP)
  - National Information Assurance Partnership (NIAP)
- Conformance and interoperability testing
  - MISPC
  - IPv6 test resource

Slide 14: Key Efforts -- Testing
- Crypto Module Validation Program
- Algorithm Testing
- Random Number Generator Testing
- MISPC Testing
- Certificate Authority Testing
- Firewall Security & Evaluation Tests
- Telecommunications Switch Security
- Protection Profile Testing
- Automated Test Development/Generation
- Common Criteria Evaluation and Validation Scheme
- Laboratory Accreditation

Slide 15: Exploring New Security Technologies
- Identify and use emerging technologies, especially infrastructure niches
- Develop prototypes, reference implementations, and demonstrations
- Transition new technology and tools to public and private sectors
- Advise Federal agencies

Slide 16: Key Efforts -- New Technologies
- Role-Based Access Control
- Policy Management
- Intrusion Detection
- Mobile Agents
- Automated Security Test Generation
- IPSec/web interface testing
- Security Service Interfaces

Slide 17: Assistance and Guidance
- Assist U.S. Government agencies and other users with technical security and management issues
- Assist in development of security infrastructures
- Develop or point to cost-effective security guidance
- Actively transfer security technology and guidance from NIST to agencies/industry
- Support agencies on specific security projects on a cost-reimbursable basis

Slide 18: Key Efforts -- Assistance and Guidance
- NIST Special Publications:
  - 800-18, "Guide for Developing Security Plans for Information Technology Systems"
  - 800-16, "Information Technology Security Training Requirements"
  - "Guideline for Implementing Cryptography in the Federal Government" (forthcoming)
  - "Security Incident Handling -- A Cooperative Approach"
- ITL Bulletins (1999):
  - November: Intrusion Detection
  - September: Securing Web Servers
  - August: The Advanced Encryption Standard: A Status Report
  - May: Computer Attacks: What They Are and How to Defend Against Them

Slide 19: Agenda
- Who we are
- Computer security program
- NIST partnerships
- Summary

Slide 20: In carrying out NIST's programs, we don't work alone...

Slide 21: NIST partnerships (diagram)
Partner categories shown around NIST: IT Industry, Federal Agencies, Standards Community, Academia, Testing Labs, NIST Outreach.
Bodies and activities named on the slide:
- ACM Workshops on Access Control (NIST is a Steering Committee member)
- Agency Assistance
- Federal Computer Security Training Resource Center
- Best Practice Task Force
- CIO Council Security, Privacy, and Critical Infrastructure
- Computer System Security & Privacy Advisory Board (CSSPAB)
- Critical Infrastructure Protection
- Critical Infrastructure Coordination Group
- Department of Justice Executive Advisory Team
- Director Forum of CIO Council
- DoC/CIO Contingency Planning Affinity Group
- Education & Awareness Committee
- FedCIRC Partners
- Federal Computer Security Program Managers' Forum
- Federal Information Systems Security Educators' Association (FISSEA)
- Federal Public Key Infrastructure Steering Committee & Subgroups
- Federal Public Key Infrastructure Technical Working Group
- Forum for Privacy & Security in Healthcare
- High Performance Computing and Communications
- Information Industry Group
- INFOSEC Research Council
- National Colloquium for Information Systems Security Education (NCISSE)
- National Science Foundation Career Proposal Review Panel
- National Security Telecommunications & Information Systems Security Committee (NSTISSC)
- Network Security Information Exchange
- NIST-NSA Technical Working Group
- Open Source Security Working Group
- Smart Card Security Users Group
- American Bar Association Information Security Committee
- Common Criteria Mutual Recognition Arrangement Management Committee
- National Committee for Information Technology Standards, Technical Committee T3-Open Distributed Processing
- ANSI-NCITS T4 Computer Security
- ANSI Accredited Standards Committee X9F3; ANSI X9F, X9F1, X9F3
- ANSI X9.82 Random Number Generation Standard
- IETF S/MIME V3 Working Group
- IETF Public Key Infrastructure Working Group (PKIX)
- IETF Internet Protocol Security (IPSEC), Internet Protocol Secure Policy (IPSP), Internet Protocol Secure Remote Access (IPSRA)
- ISO/International Electrotechnical Commission Joint Technical Committee 1
- ISO JTC1 SC27 Computer Security
- Testing laboratories: CEAL (a Cygnacom Solutions Laboratory); DOMUS IT Security Laboratory, a Division of LGS Group, Inc.; InfoGard Laboratories, Inc.

Slide 22: How we improve security through standards and testing
Key Theme: Improving Security Products

Slide 23: The standards-and-testing cycle (diagram)
1. Identify needs for security standards (industry and government)
2. Develop security standards
3. Test products against security standards
4. Vendors improve products
5. Users get more secure products
Therefore... security is improved!

Slide 24: Agenda
- Who we are
- Computer security program
- NIST partnerships
- Summary

Slide 25: Summary & Conclusions
NIST is improving security by:
- Raising awareness of the need for cost-effective security
- Engaging in key U.S. voluntary standards activities
- Developing standards and guidelines to secure Federal systems (often adopted voluntarily by the private sector)
  - Cryptographic algorithms
  - Policy, management, operations, and best practices guidance
  - PKI
- Providing a national leadership role for security testing and evaluation
  - Cryptographic Module Validation Program
  - National Information Assurance Partnership

Slide 26: Yet, there is more we could do...

Slide 27: President's 9/99 Proposal for Increasing NIST CIP Activities
- Establish an Expert Review Team at NIST
  - Assist agencies Government-wide in adhering to Federal computer security requirements
  - Director to consult with OMB and NSC on plans to protect and enhance computer security for Federal agencies
- Fund a permanent 15-member team responsible for
  - Helping agencies identify vulnerabilities
  - Planning secure systems and implementing CIP plans

Slide 28: President's 9/99 Proposal for Increasing NIST CIP Activities (Concluded)
- Establish an operational fund at NIST for computer security projects among Federal agencies
  - Independent vulnerability assessments
  - Computer intrusion drills
  - Emergency funds to cover security fixes for systems identified as having unacceptable security risks

Slide 29: Questions?

