Fandom

The IT Law Wiki

National Institute of Standards and Technology and the National Security Agency's Memorandum of Understanding on Implementing the Computer Security Act of 1987

32,191pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Citation Edit

General Accounting Office, National Institute of Standards and Technology and the National Security Agency's Memorandum of Understanding on Implementing the Computer Security Act of 1987 (GAO/T-IMTEC-89-7) (May 4, 1989) (full-text).

Overview Edit

GAO discussed the memorandum of understanding between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) regarding the implementation of the Computer Security Act of 1987. GAO noted that, under the memorandum: (1) NIST was responsible for appointing a computer security and privacy advisory board, applying NSA security guidelines to the extent they were consistent with requirements for protecting sensitive information, recognizing NSA-certified ratings of systems without requiring additional evaluation, and developing standards for protecting sensitive unclassified data; (2) NSA was responsible for providing NIST with technical guidelines regarding security and technology research, responding to NIST requests on all cryptography matters, establishing standards and endorsing products for application to secure military systems, and assessing hostile intelligence threats against federal information systems; and (3) NIST and NSA agreed to jointly review agencies' security plans, exchange technical standards and guidelines, avoid duplicative effort, exchange work plans, and establish a technical working group.

GAO believed that the memorandum may provide NSA with more than the legislatively intended consultative role in securing federal agency handling of sensitive, unclassified information, since the memorandum does not adequately specify NIST authority over NSA responsibilities and involvement in NIST functions.

See also Edit

Also on Fandom

Random Wiki