NIST (U.S. National Institute of Standards and Technology)

http://www.nist.gov

The NIST web page (dated May 23, 2003) explains how many areas this standardization organisation works in [its tasks are much broader than those of the German DIN (DIN = German Institute for Standardization; www.din.de)].

From automated teller machines and atomic clocks to mammograms and semiconductors, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology.

Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. NIST carries out its mission in four cooperative programs:

NIST has an operating budget of about $864 million and employs about 3,000 scientists, engineers, technicians, and support and administrative personnel.

About 1,600 guest researchers complement the staff.

The Computer Security Division (CSD), one of eight divisions within NIST's Information Technology Laboratory, works specifically in the area of IT security.

Within CSD, the Computer Security Resource Center (CSRC) offers various kinds of support to improve IT security.

CSD's work is grouped into five major categories (Program Areas):

  1. Cryptographic Standards and Applications:
    Focus is on developing cryptographic methods for protecting the integrity, confidentiality, and authenticity of information resources.
  2. Security Testing:
    Focus is on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation.
  3. Security Research / Emerging Technologies:
    Focus is on research necessary to understand and enhance the security utility of new technologies while also working to identify and mitigate vulnerabilities.
  4. Security Management and Guidance:
    Focus is on developing security management guidance, addressing such areas as: risk management, security program management, training and awareness.
  5. Outreach, Awareness and Education:
    Focus is on activities to support wider awareness of the importance and need for IT security, promoting the understanding of IT security vulnerabilities.

So the mission of NIST's Computer Security Division is to improve information systems security by:

NIST has published, for example, the standards: