The Computer Security Division (CSD), a division of the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST), is responsible for developing cybersecurity standards, guidelines, tests, and metrics for the protection of non-national security federal information systems. CSD's standards, guidelines, tools and references are developed in an open, transparent, traceable and collaborative manner that enlists broad expertise from around the world. While developed for federal agency use, these resources are voluntarily adopted by other organizations because they are effective and accepted globally.
The need for cybersecurity standards, best practices, tools and references that also address interoperability, usability and privacy continues to be critical for the Nation. CSD aligns its resources to enable greater development and application of practical, innovative security technologies and methodologies that enhance our ability to address current and future computer and information security challenges. Our foundational research and applied cybersecurity programs continue to advance in many areas, including cryptography, automation, roots of trust, identity and access management, advanced security testing and measurement, Internet of Things (IoT), cyber-physical systems, and public safety networks.
Trust is crucial to the broad adoption of our standards and guidelines, including our cryptographic standards and guidelines. To ensure that our cryptography resources have been developed according to the highest standard of inclusiveness, transparency and security, NIST conducted an internal and external formal review of our cryptographic standards development efforts in 2014. We documented and solicited public comment on the principles and rigorous processes we use to engage stakeholders and experts in industry, academia, and government to develop and revise these standards. The final report is now published and serves as a basis for all CSD's cryptographic development efforts.
Increasing the trustworthiness and resilience of the IT infrastructure is a significant undertaking that requires a substantial investment in the architectural design and development of our systems and networks. A disciplined and structured set of systems security engineering processes that starts with and builds on well-established international standards provides an important starting point. Draft Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems, which was issued in May 2014, helps organizations to develop a more defensible and survivable information technology infrastructure. This resource, coupled with other NIST standards and guidelines, contributes to systems that are more resilient in the face of cyber attacks and other threats.
Strong partnerships with diverse stakeholders are vital to the success of our technical programs. In February 2014, NIST issued the Framework for Improving Critical Infrastructure Cybersecurity as directed in Executive Order 13636. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of the critical infrastructure. Its approach helps owners and operators of the critical infrastructure to manage cybersecurity-related risk.
In FY 2016, CSD continues to develop standards, metrics, tests, and validation programs to promote, measure, and validate the security in information systems and services. Recognizing the potential benefits of more automation in technical security operations. The CSD continues to work closely with federal agencies to improve their understanding and implementation of the Federal Information Security Management Act (FISMA) to protect their information and information systems. CSD supports a major intelligence community and national security community initiative to build a unified framework for information security across the federal government. This initiative is expected to result in greater standardization and more consistent and cost-effective security for all federal information systems.
As of October 1, 2015, the Computer Security Division was split into 2 divisions: (1) Computer Security and (2) Applied Cybersecurity. Both divisions work closely together on numerous programs/projects.
Conferences and Events
NSCI: High-Performance Computing Security Workshop
September 29-30, 2016
Lightweight Cryptography Workshop 2016
October 17-18, 2016
Safeguarding Health Information: Building Assurance through HIPAA Security - 2016
October 19-20, 2016
2015 Computer Security Division Annual Report: