
Documentation

Annual Reports

Annual reports after 1995 are found on the GSA web page at: Federal Advisory Committee Act (FACA). When you reach the site, please select “The Annual Report of the President on Federal Advisory Committees – 1972-1998” (http://www.facadatabase.gov/rpt/printedannualreports.asp). To view reports and information, please select “SEARCH”, the third tab from the left (second from the right), and enter “Information Security” and “current” to view the current report on the Information Security and Privacy Advisory Board. From this page, you can also view past committee history by selecting “Committee History” at the top right corner of the page.

To view ISPAB Annual Reports from 1989-1995.

A report on the ISPAB is also included in the NIST Computer Security Division Annual Report every year.

 



Recommendations & Resolutions

April 2017

Government Website Security, Federal Bug Bounty Programs, Voting as Critical Infrastructure, Distributed Denial of Service Attacks
Letter -- ISPAB submitted a letter to the Acting Undersecretary of Commerce and Director, NIST, and to the Director, OMB relating to views of the board in areas of concern, priority and emphasis that are worthy of further exploration and highlight.

November 2016

President's Cybersecurity National Action Plan (CNAP)
ISPAB sends a letter to NIST and OMB regarding the President's Cybersecurity National Action Plan (CNAP) and plans for the transition to the incoming Administration. The letter offers the Board's view of several privacy and security issues that we believe should be priorities for the next Administration.

Letter to The Honorable Shaun Donovan, Director, U.S. Office of Management and Budget, Washington, DC and also addressed to The Honorable Dr. Willie E. May, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

April 2016

FIPS 140 and use of ISO/IEC 19790
ISPAB submitted a recommendation letter to the Director, NIST, relating to NIST’s plans to update FIPS 140 (Federal Information Processing Standard Publication 140-2, Security Requirements for Cryptographic Modules) and the specific use of the International Standard ISO/IEC 19790, Information technology – Security techniques – Security requirements for cryptographic modules.

Letter to The Honorable Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

Letter: The Director of NIST responded to the Chair, ISPAB

January 2016

Quantum Computing
Letter: The Director of NIST responded to the Chair, ISPAB, on recommendation letter submitted in October 2015 relating to quantum computing.

October 2015

Quantum Computing
Letter: ISPAB submitted a recommendation letter to Director, NIST, and Director, Office of Management and Budget, relating to quantum computing. The letter was approved by the ISPAB at the meeting in October 2015.

July 2015

Realignment within NIST's ITL - adding another division devoted to cybersecurity
A letter addressed to Dr. Willie E. May to endorse the realignment within ITL to add another Division devoted to cybersecurity.

Letter to The Honorable Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

July 2015

Department of Commerce Review Risk Management Process
A letter to Dr. Willie E. May recommending that the US Department of Commerce review the internal risk management process, especially for the export control program.

Letter to The Honorable Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

November 2014

Mobile Device and Derived Credentials
A letter was submitted to Director, OMB with copy to Acting Director, National Institute of Standards and Technology, recommending the review and re-issuance of OMB memorandum M-06-16, in order to enable new remote work scenarios that are efficient, usable, and secure. This is based on the understanding of the difficulty of authenticating from mobile devices to access government systems.

Letter to The Honorable Shaun Donovan, Director, U.S. Office of Management and Budget, Washington, DC with copy to Dr. Willie E. May, Acting Director, National Institute of Standards and Technology.

January 2014

NIST Cybersecurity Framework
A letter was submitted to the Director, OMB, and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, recommending the inclusion of a privacy methodology consistent with the Fair Information Practice Principles (FIPPs). The letter also commended NIST’s work and collaboration in drafting the preliminary framework.

Letter to The Honorable Sylvia Mathews Burwell, Director, U.S. Office of Management and Budget, Washington, DC. and
Dr. Patrick Gallagher, Under Secretary of Commerce for Standards and Technology; Director, National Institute of Standards and Technology

January 2014

NIST Cryptographic Standards
After reviewing NIST cryptographic standards at the Board’s December 2013 meeting, the Board submitted a letter to the Director, OMB, and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, commending NIST’s encryption standards development process and NIST’s interest in exploring new institutional partnerships to build on the credibility of its program.

Letter to The Honorable Sylvia Mathews Burwell, Director, U.S. Office of Management and Budget, Washington, DC. and
Dr. Patrick Gallagher, Under Secretary of Commerce for Standards and Technology; Director, National Institute of Standards and Technology

June 2013

Submission of comments to FDA draft guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”
In response to FDA’s draft guidance issued on June 14, 2013, ISPAB submitted the recommendation letter sent to OMB in April 2012 as comments.

Letter to Division of Dockets Management (HFA 305), Food and Drug Administration, Rockville, MD.

June 2013

NIST Cybersecurity Framework
A letter was submitted to the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, recommending that NIST, DHS, and the sector agencies engage the leadership of NIPP SCCs and GCCs in the creation of the Framework.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

March 2013

NIST Special Publication 800-53 Revision 4
The letter was submitted to the Deputy Director, US Office of Management and Budget, describing the reasons for ISPAB support for the adoption of this publication.

Letter to The Honorable Jeffery Zients, Deputy Director, U.S. Office of Management and Budget, Washington, DC.

February 2013

Privacy and Civil Liberties Oversight Board (PCLOB)
A letter of recommendation was submitted to the Deputy Director, US Office of Management and Budget, and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology. The letter conveys the ISPAB’s support for establishing the PCLOB so that it can serve the role intended in the President’s Executive Order (EO) on Improving Critical Infrastructure Cybersecurity.

Letter to The Honorable Jeffery Zients, Deputy Director, U.S. Office of Management and Budget, Washington, DC.

July 2012

The letter of recommendations was submitted to the Deputy Director, US Office of Management and Budget, relating to the discussion on sharing information on cyber threats and indicators.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

April 2012

The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the risks of outdated computer operating systems used by Federal Agencies.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

April 2012

The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the importance of maintaining security in medical devices.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

February 2012

The letter provides recommendations to the Under Secretary of Commerce for Standards and Technology for raising national awareness in future Cybersecurity Awareness Months.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

November 2011

The letter requests that the Under Secretary of Commerce for Standards and Technology review a paper presented by Dr. Fred Schneider. Dr. Schneider's work, done in collaboration with Deirdre Mulligan, discusses the need to build a shared understanding of cyber security doctrine as a key underpinning of cyber policy and practice.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

March 2011

The letter offers recommendations to the Under Secretary regarding goals for a research program to support NSTIC.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

September 2010

The letter provides initial recommendations to OMB on leadership for Initiative 8 of the Comprehensive National Cybersecurity Initiative, regarding Cyber Education. This is intended to help NIST, OMB, and the Administration in addressing certain gaps to enhance the chances for success at the outset of its leadership for this key national program.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

January 2010

This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding some difficult technical problems concerning security and privacy for access to patient data. It discusses two technical areas that have particular importance in IT for healthcare delivery in building trustworthy computing systems.

Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.

October 2009

This letter offers recommendations of the Information Security and Privacy Advisory Board to the NIST ITL Director on their proposed reorganization, and specifically those elements of the reorganization that would impact the Computer Security Division and NIST’s overall role regarding Federal agency information security.

Letter to Ms. Cita Furlani, Director, Information Technology Laboratory, National Institute of Standards and Technology.

May 2009

This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding updating privacy law and policy in light of technological change.

Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.

December 2008

Einstein Program Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the Einstein Program.

Letter to The Honorable Jim Nussle, Director, Office of Management and Budget.

July 2008

FISMA Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the efficacy of security metrics in regard to FISMA.

Letter to The Honorable Jim Nussle, Director, Office of Management and Budget.

July 2008

EBK Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the Information Security Essential Body of Knowledge (EBK) project.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

September 2007

COOP Letter:
This letter offers the recommendation of the Information Security and Privacy Advisory Board that OMB and NIST work with DHS and other involved agencies to issue guidance on incorporating sound security and privacy practices into emergency response.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

September 2007

REAL ID Letter:
This letter offers the comments and advice of the Information Security and Privacy Advisory Board, its concept of the issues, and its views on the Real ID program’s use of encryption.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

June 2006

Subject: This letter offers the comments and advice of the Information Security and Privacy Advisory Board on the progress of the National Information Assurance Program (NIAP) review since its initiation in mid-2004. It provided recommendations on the key issues with NIAP.

Letter to The Honorable Rob Portman, Director, Office of Management and Budget.

January 2005

This letter offers the comments and advice of the Information Security and Privacy Advisory Board on Section 522 of the Consolidated Appropriations Act of 2005, Division H Transportation/Treasury, which provides for the establishment of statutory Chief Privacy Officers in Federal departments and agencies and prescribes certain actions to meet Federal government privacy management responsibilities.

Letter to The Honorable Joshua Bolten, Director, Office of Management and Budget.

August 2004

The Board produced the report "The National Institute of Standards and Technology Computer Security Division: The Case for Adequate Funding" in June 2004. A letter transmitting the final report and Board recommendations for consideration was submitted to the Honorable Joshua B. Bolten, Director of the OMB.

Letter to The Honorable Joshua Bolten, Director, Office of Management and Budget.

August 2002

The Final Report "Computer System Security and Privacy Advisory Board Findings and Recommendations on Government Privacy Policy Setting and Management" was approved by the Board at their September 17-19, 2002, meeting.



White Papers



Board Correspondence

September 15, 2004

Subject: Report on funding for the cyber security program at the National Institute of Standards and Technology (NIST) prepared by ISPAB.

Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.

June 2004

Subject: Request for Board's advice on a list of activities that would be useful for both the Board and NIST to meet our respective statutory responsibilities for FY 2005.

Letter to Mr. Franklin S. Reeder, Chairman, Information Security and Privacy Advisory Board (ISPAB). From Mr. Ed Roback, Division Chief, Computer Security Division, NIST.

October 30, 2003

Subject: The issue of agencies using Web-based transactions to provide "e-government" services to members of the public. A key issue was whether (and how) an application might place program code (often referred to as "plug-ins" or "mobile code") into the user's browser.

Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.

August 20, 2003

Subject: The e-Authentication initiative and the importance of establishing privacy policies and practices as mandatory components of technical models and systems being considered to support e-authentication services.

Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.

April 8, 2003

Subject: Discussion of considerations the Board feels are important to the ongoing development of the National Strategy to Secure Cyberspace, issued February 2003.

Letter to The Honorable Mitchell E. Daniels, Jr., Director, Office of Management and Budget.

December 20, 2002

Subject: The Board's observations and recommendations on the September draft of the Strategy to Secure Cyberspace.

Letter to Mr. David Howe, Chief of Staff, Office of Cyberspace Security.

May 20, 2002

Subject: Final draft of a report of the Computer System Security and Privacy Advisory Board adopted at its March 2002 meeting.

Letter to The Honorable Donald L. Evans, Secretary of Commerce.

December 14, 2001

Subject: Support of initiative of the National Security Council and the Partnership for Critical Infrastructure Security to educate home users and small business owners on computer security measures.

Letter to The Honorable Donald L. Evans, Secretary of Commerce.

April 9, 2001

Subject: Board's views on the Subcommittee's publication "First Report Card on Computer Security at Federal Departments and Agencies."

Letter to The Honorable Stephen Horn, Chairman, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, House Committee on Government Reform.

ANNUAL REPORTS from 1989-1995


If you have any questions or need information please e-mail Matthew Scholl.