To protect the Department of Defense’s most critical information, NSA provides direct cybersecurity assistance to Defense Industrial Base (DIB) entities designed to identify, mitigate, and thwart threats to their networks. Email DIB Defense to learn more about these cybersecurity services.
As the U.S. Government relies increasingly on commercial products to secure systems that carry classified or otherwise sensitive information, NSA works to partner with vendors to ensure security requirements are built into development processes.
NSA Center for Cybersecurity Standards
NSA’s Center for Cybersecurity Standards supports collaboration with industry to ensure U.S. Government cybersecurity requirements are included in the standards for a more secure future. These standards enable interoperable IT solutions and mitigate security challenges across networks.
As NSA relies increasingly on commercial products to secure National Security Systems* (i.e. systems that carry classified or otherwise sensitive information), we must find ways to partner with vendors to ensure security requirements are built into development processes. NSA has recognized that engagement with standards bodies is a highly effective mechanism to not only communicate requirements to all vendors in a given product segment, it is also a way to ensure those requirements are met by most vendors.
NSA Cybersecurity Standards Engagements
While NSA works to track development across standards organizations, recent NSA cybersecurity standards engagements fall into the following broad areas:
NSA supports the Department of Defense effort to secure next generation mobile infrastructure through participation in the Third Generation Partnership Program (3GPP), the Alliance for Telecommunications Industry Solutions (ATIS), and the Institute of Electrical and Electronics Engineers (IEEE LAN/MAN Standards Committee.
Platform resilience standards address vulnerabilities and attacks that leverage weaknesses in platform update mechanisms. NSA Cybersecurity is working with the IETF
to make sure that standards are in place to secure software and firmware update mechanisms, as well as collaborating with NIST
to standardize commercial code signing systems.
NSA Cybersecurity needs a set of standardized commercial cryptographic primitives to support current requirements, as well as future environments and protection against emerging threats such as quantum computing. Cooperation with NIST
is essential to that mission, as is participation in ISO/IEC
, and the American National Standards Institute (ANSI)
As part of our mission to protect NSS network communications, NSA Cybersecurity Solutions works with the IETF
to ensure that a robust set of cryptographic protocols are available and incorporated into commercial products. We also work with 3GPP
to build security into 5G networks.
National Information Assurance Program (NIAP)
NIAP oversees the evaluation of commercial information technology (IT) products for use in National Security Systems (NSS). Visit NIAP to learn more.
*National Security Directive 42 designates NSA as the National Manager for National Security Systems (NSS) – information systems which require special protections, such as those used for intelligence activities or command and control of military forces. NSA’s role is to prescribe the appropriate protections for NSS. In support of that role, NSA works with industry to ensure that products are available to provide that protection.