Annual reports after 1995 are found on the GSA web page at: Federal Advisory Committee Act (FACA). When you reach the site, please select “The Annual Report of the President on Federal Advisory Committees – 1972-1998” (http://www.facadatabase.gov/rpt/printedannualreports.asp). To view reports and information, select “SEARCH” (the third tab from the left, second from the right) and enter “Information Security” and “current” to view the current report on the Information Security and Privacy Advisory Board. From this page, you can also view past committee history by selecting “Committee History” at the top right corner of the page.
To view ISPAB Annual Reports from 1989-1995.
A report on the ISPAB is also included in the NIST Computer Security Division Annual Report every year.
April 2017
Government Website Security, Federal Bug Bounty Programs, Voting as Critical Infrastructure, Distributed Denial of Service Attacks
Letter -- ISPAB submitted a letter to the Acting Undersecretary of Commerce and Director, NIST, and to the Director, OMB relating to views of the board in areas of concern, priority and emphasis that are worthy of further exploration and highlight.
November 2016
President's Cybersecurity National Action Plan (CNAP)
ISPAB sends a letter to NIST and OMB regarding the President's Cybersecurity National Action Plan (CNAP) and plans for the transition to the incoming Administration. The letter offers the Board's view of several privacy and security issues that we believe should be priorities for the next Administration.
Letter to The Honorable Shaun Donovan, Director, U.S. Office of Management and Budget, Washington, DC and also addressed to The Honorable Dr. Willie E. May, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.
April 2016
FIPS 140 and use of ISO/IEC 19790
ISPAB submitted a recommendation letter to Director, NIST, relating to NIST’s plans to update FIPS 140 (Federal Information Processing Standard Publication 140-2, Security Requirements for Cryptographic Modules) and the specific use of International Standard ISO/IEC 19790, Information technology – Security techniques – Security requirements for cryptographic modules.
Letter to The Honorable Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.
Letter: The Director of NIST responded to the Chair, ISPAB
January 2016
Quantum Computing
Letter: The Director of NIST responded to the Chair, ISPAB, on recommendation letter submitted in October 2015 relating to quantum computing.
October 2015
Quantum Computing
Letter: ISPAB submitted a recommendation letter to Director, NIST, and Director, Office of Management and Budget, relating to quantum computing. The letter was approved by the ISPAB at the meeting in October 2015.
July 2015
Realignment within NIST's ITL - adding another division devoted to cybersecurity
A letter addressed to Dr. Willie E. May to endorse the realignment within ITL to add another Division devoted to cybersecurity.
July 2015
Department of Commerce Review Risk Management Process
A letter to Dr. Willie E. May recommending that the US Department of Commerce review the internal risk management process, especially for the export control program.
November 2014
Mobile Device and Derived Credentials
A letter was submitted to Director, OMB with copy to Acting Director, National Institute of Standards and Technology, recommending the review and re-issuance of OMB memorandum M-06-16, in order to enable new remote work scenarios that are efficient, usable, and secure. This is based on the understanding of the difficulty of authenticating from mobile devices to access government systems.
January 2014
NIST Cybersecurity Framework
A letter was submitted to Director, OMB and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, recommending the inclusion of a privacy methodology consistent with the Fair Information Practice Principles (FIPPs). The letter also commended NIST’s work and collaboration in drafting the preliminary framework.
January 2014
NIST Cryptographic Standards
After reviewing NIST cryptographic standards at the Board’s December 2013 meeting, the Board submitted a letter to Director, OMB and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, commending NIST’s encryption standards development process and NIST’s interest in exploring new institutional partnerships to build on the credibility of its program.
June 2013
Submission of comments to FDA draft guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”
In response to FDA’s draft guidance issued on June 14, 2013, ISPAB submitted the recommendation letter sent to OMB in April 2012 as comments.
June 2013
NIST Cybersecurity Framework
A letter was submitted to the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, recommending that NIST, DHS, and the sector agencies engage the leadership of NIPP SCCs and GCCs in the creation of the Framework.
March 2013
NIST Special Publication 800-53 Revision 4
A letter was submitted to the Deputy Director, US Office of Management and Budget, describing the reasons for ISPAB support for the adoption of this publication.
February 2013
Privacy and Civil Liberties Oversight Board (PCLOB)
A letter of recommendation was submitted to the Deputy Director, US Office of Management and Budget, and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology. The letter conveys the ISPAB’s support for establishing the PCLOB so that it can serve the role intended in the President’s Executive Order (EO) on Improving Critical Infrastructure Cybersecurity.
July 2012
A letter of recommendations was submitted to the Deputy Director, US Office of Management and Budget, relating to the discussion on sharing information on cyber threats and indicators.
Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.
April 2012
The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the risks of outdated computer operating systems used by Federal Agencies.
Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.
April 2012
The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the importance of maintaining security in medical devices.
Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.
February 2012
The letter provides recommendations to the Under Secretary of Commerce for Standards and Technology for raising national awareness in future Cybersecurity Awareness Months.
Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.
November 2011
The letter is requesting the Under Secretary of Commerce for Standards and Technology to review a paper presented by Dr. Fred Schneider. Dr. Schneider's work, done in collaboration with Deirdre Mulligan, discusses the need to build a shared understanding of cyber security doctrine as a key underpinning of cyber policy and practice.
Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.
March 2011
The letter offers recommendations to the Under Secretary re. goals for a research program to support NSTIC.
Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.
September 2010
The letter provides initial recommendations to OMB re. leadership for Initiative 8 of the Comprehensive National Cybersecurity Initiative, regarding Cyber Education. This is intended to help NIST, OMB, and the Administration in addressing certain gaps to enhance the chances for success at the outset of its leadership for this key national program.
Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.
January 2010
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding some difficult technical problems concerning security and privacy for access to patient data. It discusses two technical areas that have particular importance in IT for healthcare delivery in building trustworthy computing systems.
Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.
October 2009
This letter offers recommendations of the Information Security and Privacy Advisory Board to the NIST ITL Director on their proposed reorganization, and specifically those elements of the reorganization that would impact the Computer Security Division and NIST’s overall role regarding Federal agency information security.
Letter to Ms. Cita Furlani, Director, Information Technology Laboratory, National Institute of Standards and Technology.
May 2009
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding updating privacy law and policy in light of technological change.
Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.
December 2008
Einstein Program Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the Einstein Program.
July 2008
FISMA Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the efficacy of security metrics in regard to FISMA.
July 2008
EBK Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the Information Security Essential Body of Knowledge (EBK) project.
September 2007
COOP Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board, that OMB and NIST work with DHS and other involved agencies to issue guidance on incorporating sound security and privacy practices into emergency response.
September 2007
REAL ID Letter:
This letter offers the comments and advice of the Information Security and Privacy Advisory Board, including its concept of the issues and its views on the Real ID program’s use of encryption.
June 2006
Subject: This letter offers the comments and advice of the Information Security and Privacy Advisory Board, on progress of the National Information Assurance Program (NIAP) review since its initiation in mid-2004. It provided recommendations on the key issues with NIAP.
Letter to The Honorable Rob Portman, Director, Office of Management and Budget.
January 2005
This letter offers the comments and advice of the Information Security and Privacy Advisory Board, on Section 522 of the Consolidated Appropriations Act of 2005, Division H Transportation/Treasury, which provides for the establishment of statutory Chief Privacy Officers in Federal departments and agencies and prescribes certain actions to meet Federal government privacy management responsibilities.
Letter to The Honorable Joshua Bolten, Director, Office of Management and Budget.
August 2004
The Board produced the report "The National Institute of Standards and Technology Computer Security Division: The Case for Adequate Funding" in June 2004. A letter transmitting the final report and Board recommendations for consideration was submitted to the Honorable Joshua B. Bolten, Director of the OMB.
Letter to The Honorable Joshua Bolten, Director, Office of Management and Budget.
August 2002
Final Report "Computer System Security and Privacy Advisory Board Findings and Recommendations on Government Privacy Policy Setting and Management" was approved by the Board at their September 17-19, 2002, meeting.
January 2003
September 15, 2004
Subject: Report on funding for the cyber security program at the National Institute of Standards and Technology (NIST) prepared by ISPAB.
Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.
June 2004
Subject: Request for Board's advice on a list of activities that would be useful for both the Board and NIST to meet our respective statutory responsibilities for FY 2005.
Letter to Mr. Franklin S. Reeder, Chairman, Information Security and Privacy Advisory Board (ISPAB). From Mr. Ed Roback, Division Chief, Computer Security Division, NIST.
October 30, 2003
Subject: The issue of agencies using Web-based transactions to provide "e-government" services to members of the public. A key issue was whether (and how) an application might place program code (often referred to as "plug-ins" or "mobile code") into the user's browser.
Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.
August 20, 2003
Subject: The e-Authentication initiative and the importance of establishing privacy policies and practices as mandatory components of technical models and systems being considered to support e-authentication services.
Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.
April 8, 2003
Subject: Discussion of considerations the Board feels are important to the ongoing development of the National Strategy to Secure Cyberspace, issued February, 2003.
Letter to The Honorable Mitchell E. Daniels, Jr., Director, Office of Management and Budget.
December 20, 2002
Subject: The Board's observations and recommendations on the September draft of the Strategy to Secure Cyberspace.
Letter to Mr. David Howe, Chief of Staff, Office of Cyberspace Security.
May 20, 2002
Subject: Final draft of a report of the Computer System Security and Privacy Advisory Board adopted at its March 2002 meeting.
Letter to The Honorable Donald L. Evans, Secretary of Commerce.
December 14, 2001
Subject: Support of initiative of the National Security Council and the Partnership for Critical Infrastructure Security to educate home users and small business owners on computer security measures.
Letter to The Honorable Donald L. Evans, Secretary of Commerce.
April 9, 2001
Subject: Board's views on the Subcommittee's publication "First Report Card on Computer Security at Federal Departments and Agencies."
Letter to The Honorable Stephen Horn, Chairman, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, House Committee on Government Reform.
1995
1995 ANNUAL REPORT
1994
1994 ANNUAL REPORT
1993
1993 ANNUAL REPORT
1992
1992 ANNUAL REPORT
1991
1991 ANNUAL REPORT
1990
1990 ANNUAL REPORT
1989
1989 ANNUAL REPORT
If you have any questions or need information please e-mail Matthew Scholl.