Information Assurance Menu

About IA at NSA Partners Rowlett Awards Award Recipients Background Nomination Procedures Links IA Client and Partner Support IA News IA Events IA Guidance Media Destruction Guidance Security Configuration Guides Applications Archived Guides Cisco Router Guides Database Servers Fact Sheets IPv6 Operating Systems Apple Mac Operating Systems Linux Microsoft Windows Sun Solaris Supporting Documents Switches VoIP and IP Telephony Vulnerability Technical Reports Web Server and Browser Guides Wireless Standards Profiles System Level IA Guidance TEMPEST Overview TEMPEST Products: Level I Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Products: Level II Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Company POCs Certified Suspended Terminated TEMPEST Zoned Equipment IA Academic Outreach National Centers of Academic Excellence in IA Education CAE/IAE Program Criteria CAE-R Program Criteria Colloquium Institutions SEAL Program Applying FAQs IA Courseware Evaluation Program Institutions FAQs Student Opportunities IA Business and Research IA Business Affairs Office Certified Product Sales and Support Commercial COMSEC Evaluation Program Commercial Satellite Protection Program Independent Research and Development Program User Partnership Program National IA Research Laboratory Partnerships with Industry NIAP and COTS Product Evaluations IA Programs Global Information Grid High Assurance Platform Releases Computing Platform Architecture and Security Criteria IA Training and Rating Program Inline Media Encryptor Suite B Cryptography IA Careers Contact Information
.
Skip Search Box
INFORMATION ASSURANCE NSA's Information Assurance Mission delivers technology, products, and services to secure our clients' information and information systems.
Our Vision: To be the decisive advantage enabling America and its allies to outmaneuver network adversaries.
Our Mission: Measurably improve the security of critical operations and information by providing know-how and technology to our suppliers and clients when and where they need it.
Our Value: is founded on a unique and deep understanding of risks, vulnerabilities, mitigations, and threats.

NSA Part of Consortium of Cybersecurity Experts That Establishes Baseline Standard of Due Care for Cybersecurity--The Top Twenty Most Critical Controls

According to a Press Release dated February 23, 2009 and released by a consortium of federal agencies and private organizations, including NSA, Version 1 of the Consensus Audit Guidelines (CAG) is now available for public review. The guidelines "define the most critical security controls to protect federal and contractor information and information systems." The CAG initiative is part of a larger effort housed at the Center for Strategic and International Studies (CSIS) in Washington, D.C., "to advance key recommendations from the CSIS Commission report on Cybersecurity for the 44th Presidency."

"NSA, DHS, Industry Gang Up on Dangerous Software Errors"
Business Week

"Computer security experts have warned for years that the endless cycle of software flaws and exploits will only be broken when we create incentives for software authors and publishers to get it right. On January 12 (2009), the industry took a potentially important step toward that goal when a broad coalition of companies, government agencies, academics, and advocacy groups launched a program to assure that software is free of 25 common errors that lead to the bulk of security problems." The program was developed jointly by the SANS Institute and MITRE, with backing from the National Security Agency's (NSA's) Information Assurance Directorate (IAD) and the Department of Homeland Security (DHS), the article said.

In SANS Institute's press release of January 12, NSA's Tony Sager commented on the program's significance; "The publication of a list of programming errors that enable cyber espionage and cyber crime is an important first step in managing the vulnerability of our networks and technology. There needs to be a move away from reacting to thousands of individual vulnerabilities, and to focus instead on a relatively small number of software flaws that allow vulnerabilities to occur, each with a general root cause. Such a list allows the targeting of improvements in software development practices, tools, and requirements to manage these problems earlier in the life cycle, where they can be solved on a large scale and cost-effectively."

Secure Mobile Environment Portable Electronic Device (SME PED)

Hands holding SME-PED device

The National Security Agency has developed a hand-held communication device that will revolutionize secure, portable access to classified information. Its technical name is "Secure Mobile Environment Portable Electronic Device" (SME PED) and it enables its users to send and receive both classified and unclassified telephone calls and to exchange classified and unclassified email. In addition, the SME-PED (pronounced "SMEE-PED") enables users to web browse on secure networks that are classified SECRET.

Full article

 

Date Posted: Jan 15, 2009 | Last Modified: Mar 16, 2009 | Last Reviewed: Mar 16, 2009

  
bottom
National Security Agency / Central Security Service