• Choose a category
• All
• Classic-Fiction

The following sections describe key U.S. government agencies, a few well-known industry associations, and public-domain cryptography standards.

The Role of Governmental Agencies

Several U.S. government agencies are involved in the creation of standards for secure systems. They either directly control specific sectors of government or provide validation, approval, and support to government agencies. We’ll look at each of these agencies in the following sections.

National Security Agency

The National Security Agency (NSA) is responsible for creating codes, breaking codes, and coding systems for the U.S. government. The NSA was chartered in 1952. It tries to keep a low profile; for many years, the government didn’t publicly acknowledge its existence.

The NSA is responsible for obtaining foreign intelligence and supplying it to the various U.S. government agencies that need it. It’s said to be the world’s largest employer of mathematicians. The NSA’s missions are extremely classified, but its finger is in everything involving cryptography and cryptographic systems for the U.S. government, government contractors, and the military.

The NSA’s website is http://www.nsa.gov.

National Security Agency/Central Security Service

The National Security Agency/Central Security Service (NSA/CSS) is an independently functioning part of the NSA. It was created in the early 1970s to help standardize and support Department of Defense (DoD) activities. The NSA/CSS supports all branches of the military. Each branch of the military used to have its own intelligence activities. Frequently, these branches didn’t coordinate their activities well. NSA/CSS was created to help coordinate their efforts.

National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST), which was formerly known as the National Bureau of Standards (NBS), has been involved in developing and supporting standards for the U.S. government for over 100 years. NIST has become very involved in cryptography standards, systems, and technology in a variety of areas. It’s primarily concerned with governmental systems, and it exercises a great deal of influence on them. NIST shares many of its findings with the security community because business needs are similar to government needs.

NIST publishes information about known vulnerabilities in operating systems and applications. You’ll find NIST very helpful in your battle to secure your systems.

You can find NIST on the Web at http://www.nist.gov.

Industry Associations and the Developmental Process

The need for security in specific industries, such as the banking industry, has driven the development of standards. Standards frequently begin as voluntary or proprietary efforts.

The Request for Comments (RFC), originated in 1969, is the mechanism used to propose a standard. It’s a document-creation process with a set of practices. An RFC is categorized as standard (draft or standard), best practice, informational, experimental, or historic.

Draft documents are processed through a designated RFC editor who makes sure the document meets publication standards. Editors play a key role in the RFC process; they are responsible for making sure proposals are documented properly, and they manage the discussion. The RFC is then thrown open to the computer-user community for comments and critique. This process ensures that all interested parties have the opportunity to comment on an RFC.

The RFC process allows open communications about the Internet and other proposed standards. Virtually all standards relating to the Internet that are adopted go through this process.

Several industrial associations have assumed roles that allow them to address specific environments. The following sections briefly discuss some of the major associations and the specific environments they address.

American Bankers Association

The American Bankers Association (ABA) has been very involved in the security issues facing the banking