House calls for NIST to establish standards for security products

House calls for NIST to establish standards for security products

The Computer Security Enhancement Act of 2001, passed last month by the House of Representatives, calls for standards in commercial security products used by the government.

HR 1259 expands the responsibilities of the National Institute of Standards and Technology to set guidelines for securing federal systems, particularly through encryption and authentication. Such standards would be technology-neutral and focus on commercial offerings.

The bill currently is before the Senate Committee on Commerce, Science and Transportation.
Rep. Sherwood Boehlert (R-N.Y.), chairman of the House Science Committee, said the bill is the first of several that will deal with cybersecurity.

NIST already is responsible for developing guidelines for security and privacy of federal systems. It would take on further responsibilities for improving compliance with existing guidelines and promoting use of commercial products. The standards agency would maintain a list of authentication products that have passed evaluation by private laboratories.

NIST also would assess agencies' information security when asked. Congress would receive the results of the assessments.

The bill also would set up a fellowship program to provide $10 million over two years for students of computer security.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above