4 Computer Security Division
Pages 23-27


From page 23...
... During the 2018 assessment, the CSD described the following projects: quantum-resistant cryptography, lightweight cryptography, FIPS 140 and the Crypto Module Validation Program (CMVP), derived credentials, access control, risk management, supply chain risk management, combinatorial methods in software testing, vulnerability metrics, and security for virtualized infrastructure.
From page 24...
... panel report said this about the Access Control Project: As a general principle, given constraints on resources and the dynamic nature of IT security technology, the division should be mindful of the relevance of its research projects to the remainder of its mission and should be willing to sunset projects in those cases in which the project has begun to achieve industrial or commercial success or the focus of the project has diverged from the mainstream direction of information technology or from the division's work on standards and guidelines. The Role Based Access Control Program appears to have achieved a measure of industrial success and is perhaps a candidate for handing off to industry.3 The work of the Access Control Project is even more firmly established now in commercial practices and products than was the case in 2011.
From page 25...
... Supply chain risk management is a vast problem space, in which much research could be done. However, the CSD is having trouble finding and hiring staff qualified to work on supply chain risk analysis.
From page 26...
... Some important CSD projects, including Risk Management, Supply Chain Security, and Virtualization Security, perform well on production and dissemination metrics but have no systematic impact metrics. Impact metrics would be very helpful in quantifying the effectiveness of the standards, guidance, and tools developed by the CSD.
From page 27...
... For its part, the ACD has recently published version 1.1 of the Cybersecurity Framework; that document states: "The Framework is adaptive to provide a flexible and risk-based implementation that can be used with a broad array of cybersecurity risk management processes. Examples of cybersecurity risk management processes include NIST Special Publication (SP)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.