NIST launching security review

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2001/0514/web-team-05-16-01.asp

BY Diane Frank 
05/16/2001

The National Institute of Standards and Technology next month will
begin reviewing agency security programs and practices as part of an
initiative started by the Clinton administration.

The NIST Computer Security Expert Assist Team (CSEAT) is a group
established to help agencies comply with Presidential Decision
Directive 63, the May 1998 order requiring agencies to protect the
systems that support the nations critical infrastructure. Such systems
include essential services like the power grid and the National
Airspace System.

The Clinton administration first proposed the team, a group of federal
security experts, in 1999, but the full request came in the first
version of the National Plan for Information Systems Protection,
released in January 2000. The Bush administration is now working with
industry to develop the second version of the plan.

The team will help agencies identify and fix security vulnerabilities
in their systems, and prepare for future threats. The CSEAT also will
promote the sharing of best practices among agencies and between the
public and private sectors.

NIST received only part of this years funding from Congress, but the
team is in place and the first step will be conducting reviews
requested by agencies about their organization, policies,
methodologies and personnel. The team also will conduct reviews
requested by the Office of Management and Budget about agencies
existing and planned information technology systems.

The reviews are expected to start in June, and NIST has developed a
system to prioritize requests according to their importance in the
critical infrastructure protection effort.



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.