
Computer Security Division

Welcome

The Computer Security Division (CSD), a component of NIST’s Information Technology Laboratory (ITL), provides standards and technology to protect information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2009 (FY2009), CSD successfully responded to numerous challenges and opportunities in fulfilling its mission. CSD carried out a diverse research agenda and participated in many national priority initiatives, leading to the development and implementation of high-quality, cost-effective security and privacy mechanisms that improved information security across the federal government and throughout the national and international information security community.

In FY2009, CSD continued to develop standards, metrics, tests, and validation programs to promote, measure, and validate the security in information systems and services. Recognizing the potential benefits of more automation in technical security operations, CSD hosted the Information Security Automation Program (ISAP), which formalizes and advances efforts to enable the automation and standardization of technical security operations, including automated vulnerability management and policy compliance evaluations. The CSD also continued to work closely with federal agencies to improve their understanding and implementation of the Federal Information Security Management Act (FISMA) to protect their information and information systems. CSD supported a major intelligence community and national security community initiative to build a unified framework for information security across the federal government. This initiative is expected to result in greater standardization and more consistent and cost-effective security for all federal information systems.

As technology advances and security requirements evolve, CSD critically evaluates existing standards, guidelines, and technologies to ensure that they adequately reflect the current state of the art. In FY2009, CSD issued revisions of The Keyed-Hash Message Authentication Code, Federal Information Processing Standard (FIPS) 198-1 and Secure Hash Standard, FIPS 180-3, as well as a draft for public comment of the RSA Strong Primes - Digital Signature Standard, FIPS 186-3. The CSD also initiated an international competition for a next generation Secure Hash Algorithm (SHA-3).

During FY2009, CSD explored opportunities to apply its security research to national priorities and internal NIST initiatives. The CSD has played an active role in implementation planning for the Comprehensive National Cyber Security Initiative to protect our country’s critical infrastructure. The CSD continued to expand its support for two key national initiatives, electronic voting and health information technology, by researching the security requirements of those areas and applying the results of that research, along with current technologies, to advance the stated goals of those initiatives. CSD also worked closely with the ITL management team to integrate security projects into ITL’s research programs. These programs, which include Cyber Security, Pervasive Information Technologies, Identity Management, and Trustworthy Software, are designed to organize and build ITL core competencies in the most efficient manner, and to maximize the use of ITL resources to address emerging information technology challenges.

These are just some of the highlights of the CSD program during FY2009. You may obtain more information about CSD’s programs at http://csrc.nist.gov or by contacting any of the CSD experts noted in this report. If interested in participating in any CSD challenges – whether current or future – please contact any of the listed CSD experts.

The 2010 Computer Security Division Annual Report (NISTIR 7751) is now available to review.

June 8, 2011: Commerce Department Proposes New Policy Framework to Strengthen Cybersecurity Protections for Businesses Online

June 8, 2011: Announcement of Proposal to Approve Two FFX schemes
NIST is pleased to announce a proposal to specify and approve two block cipher modes of operation for format preserving encryption (FPE). To view the full announcement, please click the link above.

June 8, 2011: The National Institute of Standards and Technology (NIST) announces the final publication of Special Publication 800-82, Guide to Industrial Control System (ICS) Security.

 

Contact

General Information:
Diane Honeycutt, Division Secretary
Phone: 301-975-8443
Fax: 301-975-8670

Website Information:
Patrick O'Reilly, Division's webmaster
Email: patrick.oreilly@nist.gov

Division's Postal Address:
NIST
ITL - Computer Security Division
100 Bureau Drive, M/S 8930
Gaithersburg, MD 20899-8930