Burst Stovepipes to Aid in Metrics Creation

NIST Units to Help Develop New Rules for IT Security Compliance.
Burst Stovepipes to Aid in Metrics Creation
When Congress enacts and President Obama signs legislation to reform the Federal Information Security Act, perhaps as early as this year, the National Institute of Standards and Technology (NIST) will be charged to develop new metrics federal agencies must follow to assure government information systems are secure.

That's what happened with the enactment of FISMA in 2002, but today NIST will be better prepared to use all of its resources to accomplish the assigned task.

The culture at NIST in 2002 wasn't highly collaborative, even among organizations for instance, the Computer Security and Mathematical and Computational Sciences divisions within the Institute's Information Technology Laboratories (ITL). "Seven years ago, we were pretty determinedly stovepiped," Curt Barker, chief of ITL's Computer Security Division, says in an interview with GovInfoSecurity.com.

That's no longer the case. "Like a lot of other organizations, we were stovepiped pretty heavily in the past, and those cylinders of excellence have been effectively burst," Barker says. Now, "there's a great deal of sharing of resources, and frankly, I'm counting on that very heavily for activities such as (developing) metrics."

When time comes to create the new metrics, Computer Security and Mathematical and Computational Sciences will be partners.

Barker credits ITL Director Cita Furlani with felling the barriers among the lab's units. "I would hate to put words in my boss' mouth, but she felt resources weren't being effectively employed as possible," Barker said. "You could end up duplicating skills or having gaps in skills unless you can get the full organization work as unit."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.