NIST launching security review

NIST Computer Security Expert Assist Team

The National Institute of Standards and Technology next month will begin reviewing agency security programs and practices as part of an initiative started by the Clinton administration.

The NIST Computer Security Expert Assist Team (CSEAT) is a group established to help agencies comply with Presidential Decision Directive 63, the May 1998 order requiring agencies to protect the systems that support the nation's critical infrastructure. Such systems include essential services like the power grid and the National Airspace System.

The Clinton administration first proposed the team, a group of federal security experts, in 1999, but the full request came in the first version of the National Plan for Information Systems Protection, released in January 2000. The Bush administration is now working with industry to develop the second version of the plan.

The team will help agencies identify and fix security vulnerabilities in their systems, and prepare for future threats. The CSEAT also will promote the sharing of best practices among agencies and between the public and private sectors.

NIST received only part of this year's funding from Congress, but the team is in place and the first step will be conducting reviews requested by agencies about their organization, policies, methodologies and personnel. The team also will conduct reviews requested by the Office of Management and Budget about agencies' existing and planned information technology systems.

The reviews are expected to start in June, and NIST has developed a system to prioritize requests according to their importance in the critical infrastructure protection effort.