Of particular interest to Government Agencies
Federal organizations may be particularly interested in the following NIST security programs and services. These are grouped by: 1) security policies, standards and guidelines; 2) security validated products; 3) training and education; and 4) collaborative work and services.

Security Policies

Security Validated Products

  • Validated Products - NIST operates security testing programs for IT products: the Cryptographic Module Validation Program (CMVP). A list of validated products is available at the CMVP page.

    • The Cryptographic Module Validation Program, jointly led by NIST and the Government of Canada's Communications Security Establishment, provides for the voluntary testing of cryptographic modules (both hardware and software). Testing is conducted against the security specifications detailed in Security Requirements for Cryptographic Modules. Testing is also conducted to help assure the correct implementation of specific cryptographic algorithms approved to protect sensitive information in the Federal government. Within the Federal government, use of cryptographic modules that have been validated under the CMVP has been made mandatory. Note that cryptographic modules are not typically sold directly to consumers but are integrated into commercially available products. Contact: Ray Snouffer

Training and Education

  • Computer Security Resource Center - This site contains information about a variety of computer security issues, products, and research of concern to Federal agencies, industry, and users. This site is operated and maintained by NIST's Computer Security Division as a service to the computer security and IT community. Contact: William Barker

  • Software Vulnerability & Patch Information - NIST provides an on-line searchable index of information on computer vulnerabilities known as ICAT. It provides search capability at a fine granularity and links users to vulnerability and patch information. This tool can help agencies ensure that their software is patched and protected against widely known vulnerabilities. Contact: Vincent Hu

  • Details at NIST - Opportunities are available for 6- to 24-month-long details at NIST in the security program. Qualified individuals should contact the Computer Security Division, provide a statement of qualifications, and indicate the area of work that is of interest. Generally speaking, the salary costs are borne by the sponsoring agency; however, in some cases, agency salary costs may be reimbursed by NIST. Contact: William Barker

Collaborative Work and Services

  • Security Research - NIST occasionally undertakes security work, primarily in the area of research, funded by other agencies. Such sponsored work is accepted by NIST when it can cost-effectively further the goals of NIST and the sponsoring institution. Contact: Tim Grance

  • Program Review for Information Security Management Assistance (PRISMA) - The NIST Program Review for Information Security Management Assistance (PRISMA) is a new capability which builds upon NIST's former Computer Security Expert Assistance (CSEAT) Team function and has been revised to include more review options and incorporate guidance contained in Special Publication 800-53, Recommended Security Controls for Federal Information Systems. The PRISMA is based upon existing federal directives including the Federal Information Security Management Act (FISMA), NIST guidance and other proven techniques and recognized best practices in the area of information security. Contact: Elizabeth Chew

  • Federal Computer Security Program Managers' Forum - The Forum is an informal group sponsored and chaired by NIST to promote the sharing of computer security information among federal agencies. The Forum discusses current issues and developments of interest to those responsible for protecting sensitive (unclassified) systems. Half-day meetings of the Forum are held bi-monthly in the Washington, DC area (often at the NIST campus in Gaithersburg, Maryland). Forum meetings typically include briefings on topics of general interest to the federal community and provide time for informal sharing of information and requests for assistance regarding the security of federal systems. The Forum also supports the Federal Agency Security Practices (FASP) website. The FASP site contains federal agency policies, procedures and practices, the Federal Chief Information Officers' Council pilot Best Security Practices (BSPs) and a Frequently-Asked-Questions (FAQ) section. The FAQ section is comprised of questions and answers on computer security related issues between the members of the Forum. Contact: Marianne Swanson


 

Last updated: October 26, 2006
Page created: February 23, 2001