NSA and NIST complete profiles for security needs

NSA and NIST complete profiles for security needs

The National Institute of Standards and Technology and the National Security Agency have completed profiles for recommended security features for five of the 10 technology areas the agencies have targeted for profile development.

The Protection Profiles, when completed, will be included in the evaluation process for Common Criteria certification of IT security products.

"There are going to be a lot of profiles coming out in the next six months," said Rex Myers, NSA security architect.

Myers made his comments today at the Federal Information Assurance Conference at the University of Maryland.

Protection Profile development began about two years ago as a cooperative program between NIST, which develops standards for nonclassified IT products, and NSA, which handles requirements for the classified and intelligence community. Because the Common Criteria program only evaluates IT products against the manufacturer's claims, without required security specifications, the Protection Profiles will give users a way to determine how robust a product's security features are.

The profiles specify three levels of security: basic, medium and high.

"We don't see a big need right now for the high level," said Stu Katzke, a senior research scientist at NIST. "We have been focusing most of our attention on the basic and medium levels."

The medium level is considered adequate for mission-critical systems handling nonclassified information.

Some Protection Profiles have been approved for operating systems, firewalls, intrusion detection systems, tokens and public-key infrastructures. Profiles are expected by the middle of 2003 for wireless systems, Web browsers, databases, virtual private networks and biometric products.

About the Author

William Jackson is a Maryland-based freelance writer.


  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected