NIST (U.S. National Institute of Standards and Technology)

http://www.nist.gov

Die Webseite vom NIST (Stand 23.5.2003) erklärt die Bedeutung dieser auf vielfältigen Gebieten arbeitenden Standardisierungs-Organisation, die weit über die Arbeiten des DIN in Deutschland (DIN = Deutsches Institut für Normung e.V.; www.din.de) hinausgehen.

"From automated teller machines and atomic clocks to mammograms and semiconductors, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology.

Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. NIST carries out its mission in four cooperative programs:

NIST hat ein operatives Budget von ca. 864 Millionen USD und beschäftigt rund 3.000 Wissenschaftler, Ingenieure, Techniker und Support- und Administrationspersonal.

Ungefähr 1.600 Gastforscher ergänzen die Belegschaft.

Insbesondere auf dem Gebiet der IT-Sicherheit arbeitet die Computer Security Division (CSD) - eine von acht Divisions innerhalb des NIST Information Technology Laboratory.

Innerhalb von CSD bietet das Computer Security Resource Center (CSRC) vielfältige Unterstützung, um die IT-Sicherheit zu verbessern.

Ein Auszug aus der Webseite beschreibt das folgendermaßen:

CSD's work is grouped into five major categories (Program Areas):

  1. Cryptographic Standards and Applications:
    Focus is on developing cryptographic methods for protecting the integrity, confidentiality, and authenticity of information resources.

  2. Security Testing:
    Focus is on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation.

  3. Security Research / Emerging Technologies:
    Focus is on research necessary to understand and enhance the security utility of new technologies while also working to identify and mitigate vulnerabilities.

  4. Security Management and Guidance:
    Focus is on developing security management guidance, addressing such areas as: risk management, security program management, training and awareness.

  5. Outreach, Awareness and Education:
    Focus is on activities to support wider awareness of the importance and need for IT security, promoting the understanding of IT security vulnerabilities.

So the mission of NIST's Computer Security Division is to improve information systems security by:

Vom NIST stammen z.B. die Standards: