[Federal Register: May 25, 2000 (Volume 65, Number 102)] [Notices] [Page 33808-33809] >From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr25my00-47] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology Announcing a Meeting of the Computer System Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice of meeting. ----------------------------------------------------------------------- [[Page 33809]] SUMMARY: Pursuant to the Federal Advisory Committee Act, 5 U.S.C. App., notice is hereby given that the Computer System Security and Privacy Advisory Board (CSSPAB) will meet Tuesday, June 13, 2000, Wednesday, June 14, 2000, and Thursday, June 15, 2000, from 9:00 a.m. to 5:00 p.m. The Advisory Board was established by the Computer Security Act of 1987 (Pub. L. 100-235) to advise the Secretary of Commerce and the Director of NIST on security and privacy issues pertaining to federal computer systems. All sessions will be open to the public Details regarding the Board's activities are available at http://csrc.nist.gov/csspab/. DATES: The meeting will be held on June 13-15, 2000, from 9 a.m. to 5 p.m. ADDRESSES: The meeting will take place at the National Institute of Standards and Technology, North Campus, 820 West Diamond Avenue, Gaithersburg, MD in Lecture Room 152. Agenda As part of this meeting, a ``security metrics'' workshop will be held on June 13 and 14, 2000, to examine the approaches to measuring security. The following topics will be explored: --Definitions of ``metrics'' --Measures of security against specific security threats --Measures of overall system security --Qualitative measures, e.g., adherence to ``standards'' or checklists of practices --Live, real-time measures of security in extended networks --Use of statistically-sampled data in measurement systems --Effective communications of metrics, assurance levels and risk management tradeoffs to executives, lawmakers, and the public so that risks and protections are properly understood in both business and public policy terms. The first day of this workshop will be dedicated to presentations from the government, the private sector, and public sector organizations. The second day will consist of case studies presented by a government panel and an industry panel. The last day of the meeting, Thursday, June 15, 2000, the Board will review the progress of the workshop and, as appropriate, plan or recommend follow-on activity. The Board will also devote discussion period to develop the Board's future program and to identify key issues. Public Participation The Board agenda will include a period of time, not to exceed thirty minutes, for oral comments and questions from the public. Each speaker will be limited to five minutes. Members of the public who are interested in speaking are asked to contact the Board Secretariat at the telephone number indicated below. In addition, written statements are invited and may be submitted to the Board. It would be appreciated if 35 copies of written material were available for distribution to the Board and attendees at the meeting no later than June 5, 2000. Approximately 15 seats will be available for the public and media. FOR FURTHER INFORMATION CONTACT: Mr. Edward Roback, Board Secretariat, Information Technology Laboratory, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930, telephone: (301) 975-3696. Dated: May 18, 2000. Jorge Urrutia, Acting Director, NIST. [FR Doc. 00-13144 Filed 5-24-00; 8:45 am] BILLING CODE 3510-CN-M