- The Washington Times - Thursday, August 6, 2009


While I do not disagree with the general point of the editorial “White House cybermistakes” (Opinion, Wednesday), it commits an error in stating that the Department of Commerce is “an agency with no significant cybersecurity expertise.” To the contrary, the Department of Commerce, through the Computer Security Division at the National Institute of Standards and Technology (NIST), is an internationally recognized leader in strategic and tactical thinking regarding information system security.

The Computer Security Division of NIST is the government agency through which the Advanced Encryption Standard came. It is the source for Federal Information Processing Standards. And it is the source for the widely used 800-series Special Publications on information security.

The Department of Commerce has produced guidance, as mandated by the Office of Management and Budget, for non-national security systems of the federal government. Yet the value of this guidance is perhaps better shown by its voluntary adoption by the Committee on National Security Systems (CNSS) and by many state and local governments.

CNSS decided not to produce its own catalog of security controls for organizations and information systems but decided instead to accept the NIST Special Publication 800-53 control catalog and to work with NIST on Revision 3 of that document as a joint document. Similarly, CNSS has decided not to develop its own certification and accreditation guidance but rather to use the guidance in the Department of Commerce-led Special Publication 800-37 Revision 1 — another joint document.

In short, rather than having “no significant cybersecurity expertise,” the Department of Commerce — through the Computer Security Division of NIST — is a widely recognized expert and thought leader in the strategic concepts and guidance that are necessary to protect organizations, individuals and the nation from harm arising from our use of information systems.



Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide