Cybersecurity Standards & Services

 

Cybersecurity Services

To protect the Department of Defense’s most critical information, NSA provides direct cybersecurity assistance to Defense Industrial Base (DIB) entities designed to identify, mitigate, and thwart threats to their networks. Email DIB_Defense@cyber.nsa.gov to learn more about these cybersecurity services. 

Cybersecurity Standards

As the U.S. Government relies increasingly on commercial products to secure systems that carry classified or otherwise sensitive information, NSA works to partner with vendors to ensure security requirements are built into development processes. Email CS_Standards@cyber.nsa.gov for questions on cybersecurity standards.

NSA Center for Cybersecurity Standards

NSA’s Center for Cybersecurity Standards supports collaboration with industry to ensure U.S. Government cybersecurity requirements are included in the standards for a more secure future. These standards enable interoperable IT solutions and mitigate security challenges across networks.

As NSA relies increasingly on commercial products to secure National Security Systems* (i.e. systems that carry classified or otherwise sensitive information), we must find ways to partner with vendors to ensure security requirements are built into development processes. NSA has recognized that engagement with standards bodies is a highly effective mechanism to not only communicate requirements to all vendors in a given product segment, it is also a way to ensure those requirements are met by most vendors.

NSA Cybersecurity Standards Engagements

While NSA works to track development across standards organizations, recent NSA cybersecurity standards engagements fall into the following broad areas:

5G Security

NSA supports the Department of Defense effort to secure next generation mobile infrastructure through participation in the Third Generation Partnership Program (3GPP), the Alliance for Telecommunications Industry Solutions (ATIS), and the Institute of Electrical and Electronics Engineers (IEEE LAN/MAN Standards Committee.

Cybersecurity Automation

To protect DoD networks from attack, NSA Cybersecurity is standardizing the collection and sharing of information necessary to automate network risk assessment and response. This work takes place in cooperation with the National Institute of Standards and Technology (NIST) the Department of Homeland Security (DHS) in the Internet Engineering Task Force (IETF), the Trusted Computing Group (TCG), the International Organization of Standards/International Electrotechnical Committee (ISO/IEC) and the Organization for the Advancement of Structured Information Standards (OASIS).

Platform Resilience

Platform resilience standards address vulnerabilities and attacks that leverage weaknesses in platform update mechanisms. NSA Cybersecurity is working with the IETF and TCG to make sure that standards are in place to secure software and firmware update mechanisms, as well as collaborating with NIST to standardize commercial code signing systems.

Cryptographic Algorithms

NSA Cybersecurity needs a set of standardized commercial cryptographic primitives to support current requirements, as well as future environments and protection against emerging threats such as quantum computing. Cooperation with NIST is essential to that mission, as is participation in ISO/IECIEEEIETF, and the American National Standards Institute (ANSI).

Security Protocols

As part of our mission to protect NSS network communications, NSA Cybersecurity Solutions works with the IETFISO/IEC to ensure that a robust set of cryptographic protocols are available and incorporated into commercial products. We also work with 3GPP and ATIS to build security into 5G networks.


*National Security Directive 42 designates NSA as the National Manager for National Security Systems (NSS) – information systems which require special protections, such as those used for intelligence activities or command and control of military forces. NSA’s role is to prescribe the appropriate protections for NSS. In support of that role, NSA works with industry to ensure that products are available to provide that protection.