The
Information Technology Security and Networking (ITSN) Division
organizationally
resides in the Office of the Chief Information Officer,
NIST. The ITSN is
the focal point for addressing NIST-wide information technology
(IT) security issues. Functions of the ITSN include
establishing, implementing, and testing information security
policies, procedures, and technologies for NIST's administrative
and scientific environments. The ITSN also investigates
computer security breaches by a NIST user or through a NIST
system. To report a security incident
or to discuss an IT concern related to NIST, contact the
IT Security Officer at nist-itso@nist.gov or 301-975-5375.
All non-public users of NIST information technology
are required to read, acknowledge, and sign the NIST Policy
on IT Resources Access and Use. The NIST Policy on IT Resources
Access and Use is located at:
http://cio.nist.gov/itsd/policy_accnuse.html and the
signature page is located at:
http://cio.nist.gov/itsd/memo_accessnuse_sign.html.
The signature page must be signed, dated and mailed to NIST
iTAC, 100 Bureau Drive, Gaithersburg, MD
20899-1820.
The
role of the ITSN should not be confused with that of the
Information Technology Laboratory's Computer Security
Division. Under the Computer Security Act of 1987, the
Computer Security Division develops security standards and
guidelines for sensitive (unclassified) Federal IT systems
and works with industry to help improve the security of
commercial IT products. The Division has key focused
activities in the areas of cryptographic standards and
applications, security of emerging technologies, security
management, and security testing. The ITSO benefits
from having access to subject matter experts, and the
division benefits from having the environment to apply the
research conducted and to contribute operational experience
to its activities. For more information on the ITL
Computer Security Division, see http://csrc.nist.gov.