National Institute of Standards and Technology, Computer Security Division Annual Report, FY 2007

摘要

The primary goal of the Computer Security Division (CSD), a component of NIST's Information Technology Laboratory (ITL), is to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2007 (FY 2007), CSD successfully responded to numerous challenges and opportunities in fulfilling that mission. Through CSD's diverse research agenda and engagement in many national priority initiatives, high-quality, cost-effective security mechanisms were developed and applied that improved information security across the federal government and the greater information security community. In FY 2007, CSD continued to develop standards, metrics, tests, and validation programs to promote, measure, and validate security in systems and services. Recognizing the potential benefits of more automation in technical security operations, CSD established the Information Security Automation Program (ISAP), which is intended to formalize and advance efforts to enable the automation and standardization of technical security operations, including automated vulnerability management and policy compliance evaluations. The CSD also worked closely with federal agencies to improve their understanding of the Federal Information Security Management Act (FISMA) and supported a major intelligence community initiative to build a unified framework for information security across the federal government. This initiative is expected to result in greater standardization and more consistent and cost-effective security for all federal information systems. Opportunities were presented during FY 2007 for CSD to apply its security research to national priorities and internal NIST initiatives. The CSD significantly expanded its support for two key national initiatives, electronic voting and health information technology, by researching the security requirements of those areas and applying the results of that research, along with current technologies, in furtherance of the stated goals of those initiatives. CSD also worked closely with the NIST ITL management team to integrate security projects into newly formed research programs. These programs, which include Cyber Security, Pervasive Information Technologies, Trustworthy Networking, and Trustworthy Software, are designed to organize and build ITL core competencies in the most efficient manner, and to maximize the use of ITL resources to address emerging information technology challenges.