NIST (U.S. National Institute of Standards and Technology)
http://www.nist.gov
The NIST website (as of 23 May 2003) explains the significance of this
standardization organization, which works in a wide variety of fields that go
far beyond the work of DIN in Germany (DIN = Deutsches Institut für Normung e.V.;
www.din.de).
"From automated teller machines and atomic clocks to mammograms and
semiconductors, innumerable products and services rely in some way on
technology, measurement, and standards provided by the National Institute of
Standards and Technology.
Founded in 1901, NIST is a non-regulatory federal agency within the U.S.
Commerce Department's Technology Administration. NIST's mission is to develop
and promote measurement, standards, and technology to enhance productivity,
facilitate trade, and improve the quality of life. NIST carries out its mission
in four cooperative programs:
- the NIST Laboratories, conducting research that advances the nation's
  technology infrastructure and is needed by U.S. industry to continually improve
  products and services;
- the Baldrige National Quality Program;
- the Manufacturing Extension Partnership; and
- the Advanced Technology Program."
NIST has an operating budget of about 864 million USD and employs around
3,000 scientists, engineers, technicians, and support and administrative
personnel.
About 1,600 guest researchers complement the staff.
In the field of IT security in particular, the work is done by the Computer
Security Division (CSD), one of eight divisions within the NIST Information
Technology Laboratory.
Within CSD, the Computer Security Resource Center (CSRC) offers a wide range of
support for improving IT security.
An excerpt from the website describes this as follows:
CSD's work is grouped into five major categories (Program Areas):
- Cryptographic Standards and Applications:
  Focus is on developing cryptographic methods for protecting the integrity,
  confidentiality, and authenticity of information resources.
  - Advanced Encryption Standard (AES)
  - Cryptographic Standards Toolkit
  - Encryption Key Recovery and S/MIME
  - Public Key Infrastructure (PKI)
- Security Testing:
  Focus is on working with government and industry to establish more secure
  systems and networks by developing, managing and promoting security assessment
  tools, techniques, services, and supporting programs for testing, evaluation
  and validation.
- Security Research / Emerging Technologies:
  Focus is on research necessary to understand and enhance the security utility
  of new technologies while also working to identify and mitigate
  vulnerabilities.
  - Authorization Management and Advanced Access Control Models (AM&AACM)
  - Automated Security Functional Testing
  - Critical Infrastructure Grants Program
  - IPSec
  - Mobile Computing Security (formerly known as MAIDS)
  - Smart Card Security and Research
- Security Management and Guidance:
  Focus is on developing security management guidance, addressing such areas as:
  risk management, security program management, training and awareness.
- Outreach, Awareness and Education:
  Focus is on activities to support wider awareness of the importance and need
  for IT security, promoting the understanding of IT security vulnerabilities.
So the mission of NIST's Computer Security Division is to improve information
systems security by:
- Raising awareness of IT risks, vulnerabilities and protection requirements,
  particularly for new and emerging technologies;
- Researching, studying, and advising agencies of IT vulnerabilities and devising
  techniques for the cost-effective security and privacy of sensitive Federal
  systems;
- Developing standards, metrics, tests and validation programs:
  - to promote, measure, and validate security in systems and services
  - to educate consumers and
  - to establish minimum security requirements for Federal systems
- Developing guidance to increase secure IT planning, implementation, management
  and operation.
Standards originating from NIST include, for example: