Your Federal Tax Dollars Hard at Work (REALLY)
SecurityDude, CISSP-ISSAP is an IT Consultant, Security & Privacy Advocate and blogger at large with over 20 years IT experience.
The Federal government is an easy punching bag for all of us in the taxpayer category. There are countless examples of mismanagement, incompetence, and pork-barrel spending. A “Bridge to Nowhere”, anyone? How about billions of dollars the Federal government “lost”? Just Google the phrase “wasteful federal spending” if you would like an anger-fueled adrenaline rush.
However, if you work in Information Security there are encouraging signs that some of our cash is being diverted to useful work. In this entry, I would like to cheer some of the Federal agencies for their contributions to the IT Security field.
National Security Agency
During the Cold War, the Federal government denied the existence of the National Security Agency (NSA). The joke at the time was that NSA stood for “No Such Agency”. As part of their mission to safeguard the US against foreign threats, the NSA hosts a number of carefully researched and very informative security best practices white papers on the following topics:
Application Security, Database Server Security, Operating System Security, Router & Switch Security, IP Telephony Security, Wireless Security & Web Security.
Defense Information Systems Agency
DISA’s Mission: “The Defense Information Systems Agency is a combat support agency responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions to serve the needs of the President, Vice President, the Secretary of Defense, and other DoD Components, under all conditions of peace and war.”
One of the services that DISA provides to the military and Federal government is something called a STIG (Security Technical Implementation Guide). When the Air Force wanted to add wireless access to the non-classified portion of certain base networks, the Wireless STIG authored by DISA was a key design element.
- Click here for the STIG listing.
- Click here for DISA’s Technical Guidance page for Federal Agency Security Practices.
National Institute of Standards and Technology
NIST is probably most famous for the Cesium Fountain Atomic Clock in Boulder, CO that is the basis for the “official” time of day in the United States. NIST is MUCH more than just Time & Measurement. NIST has an entire department dedicated to Computer Security. They are also the keepers of the Federal Information Processing Standards (FIPS). As an example, FIPS 140-2 outlines the current requirements Federal agencies must adhere to when encrypting non-classified information.
Here are some important and interesting NIST links:
