- The Washington Times - Thursday, August 6, 2009

ANALYSIS/OPINION:

While I do not disagree with the general point of the editorial “White House cybermistakes” (Opinion, Wednesday), it commits an error in stating that the Department of Commerce is “an agency with no significant cybersecurity expertise.” To the contrary, the Department of Commerce, through the Computer Security Division at the National Institute of Standards and Technology (NIST), is an internationally recognized leader in strategic and tactical thinking regarding information system security.

The Computer Security Division of NIST is the government agency through which the Advanced Encryption Standard came. It is the source for Federal Information Processing Standards. And it is the source for the widely used 800-series Special Publications on information security.

The Department of Commerce has produced guidance, as mandated by the Office of Management and Budget, for non-national security systems of the federal government. Yet the value of this guidance is perhaps better shown by its voluntary adoption by the Committee on National Security Systems (CNSS) and by many state and local governments.

CNSS decided not to produce its own catalog of security controls for organizations and information systems but decided instead to accept the NIST Special Publication 800-53 control catalog and to work with NIST on Revision 3 of that document as a joint document. Similarly, CNSS has decided not to develop its own certification and accreditation guidance but rather to use the guidance in the Department of Commerce-led Special Publication 800-37 Revision 1 — another joint document.

In short, rather than having “no significant cybersecurity expertise,” the Department of Commerce — through the Computer Security Division of NIST — is a widely recognized expert and thought leader in the strategic concepts and guidance that are necessary to protect organizations, individuals and the nation from harm arising from our use of information systems.

GARY STONEBURNER

Gaithersburg

LOAD COMMENTS ()

 

Click to Read More

Click to Hide