NIST (U.S. National Institute of Standards and Technology)
http://www.nist.gov
The NIST web page (dated May 23, 2003) describes the many areas in which this
standardization organisation works [its tasks are much broader than
those of the German DIN (DIN = German Institute for Standardization;
www.din.de)].
From automated teller machines and atomic clocks to mammograms and
semiconductors, innumerable products and services rely in some way on
technology, measurement, and standards provided by the National Institute of
Standards and Technology.
Founded in 1901, NIST is a non-regulatory federal agency within the U.S.
Commerce Department's Technology Administration. NIST's mission is to develop
and promote measurement, standards, and technology to enhance productivity,
facilitate trade, and improve the quality of life. NIST carries out its mission
in four cooperative programs:
- the NIST Laboratories, conducting research that advances the nation's
  technology infrastructure and is needed by U.S. industry to continually improve
  products and services;
- the Baldrige National Quality Program;
- the Manufacturing Extension Partnership; and
- the Advanced Technology Program.
NIST has an operating budget of about $864 million and employs about 3,000
scientists, engineers, technicians, and support and administrative personnel.
About 1,600 guest researchers complement the staff.
IT security in particular is the work of the Computer Security Division (CSD),
one of eight divisions within NIST's Information Technology Laboratory.
Within CSD, the Computer Security Resource Center (CSRC) offers various
kinds of support for improving IT security.
CSD's work is grouped into five major categories (Program Areas):
- Cryptographic Standards and Applications:
  Focus is on developing cryptographic methods for protecting the integrity,
  confidentiality, and authenticity of information resources.
  - Advanced Encryption Standard (AES)
  - Cryptographic Standards Toolkit
  - Encryption Key Recovery and S/MIME
  - Public Key Infrastructure (PKI)
- Security Testing:
  Focus is on working with government and industry to establish more secure
  systems and networks by developing, managing and promoting security assessment
  tools, techniques, services, and supporting programs for testing, evaluation
  and validation.
- Security Research / Emerging Technologies:
  Focus is on research necessary to understand and enhance the security utility
  of new technologies while also working to identify and mitigate
  vulnerabilities.
  - Authorization Management and Advanced Access Control Models (AM&AACM)
  - Automated Security Functional Testing
  - Critical Infrastructure Grants Program
  - IPSec
  - Mobile Computing Security (formerly known as MAIDS)
  - Smart Card Security and Research
- Security Management and Guidance:
  Focus is on developing security management guidance, addressing such areas as:
  risk management, security program management, training and awareness.
- Outreach, Awareness and Education:
  Focus is on activities to support wider awareness of the importance and need
  for IT security, promoting the understanding of IT security vulnerabilities.
So the mission of NIST's Computer Security Division is to improve information
systems security by:
- Raising awareness of IT risks, vulnerabilities and protection requirements,
  particularly for new and emerging technologies;
- Researching, studying, and advising agencies of IT vulnerabilities and devising
  techniques for the cost-effective security and privacy of sensitive Federal
  systems;
- Developing standards, metrics, tests and validation programs:
  - to promote, measure, and validate security in systems and services
  - to educate consumers and
  - to establish minimum security requirements for Federal systems
- Developing guidance to increase secure IT planning, implementation, management
  and operation.
NIST has published, for example, the following standards: