The Information Security and Privacy Advisory Board (ISPAB) is a federal advisory committee that is, in part, responsible for identifying emerging issues related to information security and privacy. It brings together senior professionals from industry, government, and academia to help advise the National Institute of Standards and Technology, the U.S. Office of Management and Budget (OMB), the Secretary of Commerce, and appropriate committees of the U.S. Congress about information security and privacy issues pertaining to unclassified federal government information systems.
ISPAB was originally created by the Computer Security Act of 1987 as the Computer System Security and Privacy Advisory Board (CSSPAB) to advise the Secretary of Commerce and the Director of the National Institute of Standards and Technology on security and privacy issues.
As a result of FISMA, the Board's name was changed and its mandate was amended.
Scope and Objectives
The scope and objectives of the Board are to —
- Identify emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy;
- Advise NIST, the Secretary of Commerce, and the Director of OMB on information security and privacy issues pertaining to federal government information systems, including thorough review of proposed standards and guidelines developed by NIST; and
- Annually report the Board's findings to the Secretary of Commerce, the Director of OMB, the Director of the National Security Agency, and the appropriate committees of Congress.
The Board's authority does not extend to private-sector systems or to federal systems that process classified information.
The membership of the Board consists of 11 individuals and a Chairperson. The Director of NIST approves membership appointments and appoints the Chairperson. Each Board member serves for a four-year term. The Board’s membership draws from experience at all levels of information security and privacy work. The members’ careers cover government, industry, and academia.
Members have worked in the Executive and Legislative branches of the federal government, civil service, senior executive service, the military, some of the largest corporations worldwide, small and medium-size businesses, and some of the top universities in the nation. The members’ experience, likewise, covers a broad spectrum of activities including many different engineering disciplines, computer programming, systems analysis, mathematics, management positions, information technology auditing, legal experience, an extensive history of professional publications, and professional journalism.
Members have worked (and in many cases, continue to work in their full-time jobs) on the development and evolution of some of the most important pieces of information security and privacy legislation in the federal government, including the Privacy Act of 1974, the Computer Security Act of 1987, the E-Government Act (including FISMA), and numerous e-government services and initiatives.
The Board meets quarterly and all meetings are open to the public. NIST provides the Board with a Secretariat. The Board receives briefings from federal and private sector representatives on a wide range of privacy and security topics.
- Pub. L. No. 100-35.