
Security Management and Assurance Group

Welcome

Information security is an integral element of sound management. Information and computer systems are critical assets that support the mission of an organization. Protecting them can be as important as protecting other organizational resources, such as money, physical assets, or employees. However, including security considerations in the management of information and computers does not completely eliminate the possibility that these assets will be harmed.

Ultimately, responsibility for the success of an organization lies with its senior management. They establish the organization's computer security program and its overall program goals, objectives, and priorities in order to support the mission of the organization. They are also responsible for ensuring that required resources are applied to the program.

Collaboration with a number of entities is critical for success. Federally, we collaborate with the U.S. Office of Management and Budget (OMB), the U.S. Government Accountability Office (GAO), the National Security Agency (NSA), the Chief Information Officers (CIO) Council, and all Executive Branch agencies. We also work closely with a number of information technology organizations and standards bodies, as well as public and private organizations.

Major initiatives in this area include the FISMA Implementation Project; extended outreach initiatives and information security training, awareness and education; and producing and updating NIST Special Publications on security management topics. Key to the success of this area is our ability to interact with a broad constituency, Federal and nonfederal, in order to ensure that our program is consistent with national objectives related to or impacted by information security.

Programs/Projects

Federal Computer Security Program Managers' Forum (Forum)—The Federal Computer Security Program Managers' Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of information system …

Program Review for Information Security Management Assistance (PRISMA)—The Program Review for Information Security Management Assistance (PRISMA) includes many review options and incorporates guidelines contained in Special Publication 800-53, Recommended Security …

Federal Information Systems Security Educators’ Association (FISSEA)—The Federal Information Systems Security Educators' Association (FISSEA), founded in 1987, is an organization run by and for information systems security professionals to assist federal …

Federal Agency Security Practices (FASP)—The Federal Agency Security Practices (FASP) web site effort was initiated as a result of the success of the Federal CIO Council's Federal Best Security Practices (BSP) pilot effort to …

Awareness, Training, Education (ATE) and Professional Development—This site is an organized set of links to business, college, and university websites that contain information security awareness, training, education, certificate, and certification information and …

Federal Information Security Management Act (FISMA) Implementation Project—The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, …

Cryptographic Module Validation Program (CMVP)—On July 17, 1995, the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal …

Information Security and Privacy Advisory Board (ISPAB)—The Information Security and Privacy Advisory Board (ISPAB) was originally created by the Computer Security Act of 1987 (P.L. 100-235) as the Computer System Security and Privacy Advisory Board. As …

Cryptographic Algorithm Validation Program—The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing for FIPS-approved and NIST recommended cryptographic algorithms. Cryptographic algorithm validation is a …

Small Business Corner (SBC)—The Small Business Corner outreach began as a partnership in 2001. The target audience was the 25+ million small businesses in the United States. The small business community uses computers and …

 
Contact

General Information:
Matthew Scholl, Group Manager
Email: matthew.scholl@nist.gov
Telephone: 301-975-2941
Facsimile: 301-975-4007

100 Bureau Drive, M/S 8930
Gaithersburg, MD 20899-8930