CNSS

Agency overview | |
---|---|
Formed | 16 October 2001 |
Preceding agencies | |
Jurisdiction | United States |
Headquarters | Fort Meade, Maryland |
Parent agency | Intergovernmental, chaired by DoD |
Website | www.cnss.gov |

The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policies for the security of US security systems. [1] The three elements of the CIA triad (data confidentiality, data integrity, and data availability) are the three main security goals of CNSS. [2]
The Committee dates its establishment back to 1953, under the name of U.S. Communications Security Board (USCSB). [3]
Under the name National Security Telecommunications and Information Systems Security Committee (NSTISSC), the committee was established by National Security Directive 42, "National Policy for the Security of National Security Telecommunications and Information Systems", dated 5 July 1990. On October 16, 2001, President George W. Bush signed Executive Order 13231, "Critical Infrastructure Protection in the Information Age", re-designating NSTISSC as the Committee on National Security Systems. [3]
The CNSS holds discussions of policy issues, sets national policy, directions, operational procedures, and guidance for the information systems operated by the U.S. Government, its contractors or agents that either contain classified information, involve intelligence activities, involve cryptographic activities related to national security, involve command and control of military forces, involve equipment that is an integral part of a weapon or weapons system(s) or are critical to the direct fulfillment of military or intelligence missions.
The Department of Defense chairs the committee. Membership consists of representatives from 21 U.S. Government Departments and Agencies with voting privileges, including the CIA, DIA, DOD, DOJ, FBI, NSA, and the National Security Council, and all United States Military Services. Members not on the voting committee include the DISA, NGA, NIST, and the NRO. The operating Agency for CNSS appears to be the National Security Agency, which serves as the primary contact for public inquiries.
The CNSS defines several standards, which include standards on training in IT security. Current certifications include: [4]
CNSS launched the National Information Assurance Certification and Accreditation Process (NIACAP) in 2000; [5] it was cancelled in 2012.
A protective distribution system (PDS), also called protected distribution system, is a US government term for wireline or fiber-optic telecommunication system that includes terminals and adequate acoustical, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information. At one time these systems were called "approved circuits".
The United States Intelligence Community (IC) is a group of separate U.S. federal government intelligence agencies and subordinate organizations that work both separately and collectively to conduct intelligence activities which support the foreign policy and national security interests of the United States. Member organizations of the IC include intelligence agencies, military intelligence, and civilian intelligence and analysis offices within federal executive departments.
The Bureau of Intelligence and Research (INR) is an intelligence agency in the United States Department of State. Its central mission is to provide all-source intelligence and analysis in support of U.S. diplomacy and foreign policy. INR is the oldest civilian element of the U.S. Intelligence Community and among the smallest, with roughly 300 personnel. Though lacking the resources and technology of other U.S. intelligence agencies, it is "one of the most highly regarded" for the quality of its work.
Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary, published by the United States federal government, is an unclassified glossary of information security terms intended to provide a common vocabulary for discussing information assurance concepts.
The National Security Agency took over responsibility for all US government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems has become known, and its most modern systems share at least some features with commercial products.
The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
The National Information Assurance Certification and Accreditation Process (NIACAP) formerly was the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national-security information. NIACAP was derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it played a key role in the National Information Assurance Partnership.
Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA encompasses both digital protections and physical techniques. These methods apply to data in transit, both physical and electronic forms, as well as data at rest. IA is best thought of as a superset of information security, and as the business outcome of information risk management.
The Directorate of Military Intelligence is the military intelligence branch of the Defence Forces, the Irish armed forces, and the national intelligence service of Ireland. The organisation has responsibility for the safety and security of the Irish Defence Forces, its personnel, and supporting the national security of Ireland. The directorate operates domestic and foreign intelligence sections, providing intelligence to the Government of Ireland concerning threats to the security of the state and the national interest from internal and external sources.
A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software or hardware that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of information between two or more security domains based on a predetermined security policy. CDSs are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is unauthorized for transfer between security domains or levels of classification, such as between different military divisions, intelligence agencies, or other operations which depend on the timely sharing of potentially sensitive information.
After the Central Intelligence Agency lost its role as the coordinator of the entire United States Intelligence Community (IC), special coordinating structures were created by each president to fit his administrative style and the perceived level of threat from terrorists during his term.
Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
Corey Schou is University Professor of Informatics and Associate Dean at Idaho State University, director of the National Information Assurance Training and Education Center (NIATEC) and the Simplot Decision Support Center (SDSC), and for ten years the chair of the Colloquium for Information Systems Security Education (CISSE).
The National Information Assurance Training and Education Center (NIATEC) is an American consortium of academic, industry, and government organizations to improve the literacy, awareness, training and education standards in Information Assurance. It serves to develop professionals with IA expertise in various disciplines and ultimately contributes to the protection of the National Information Infrastructure.
The United Kingdom has a diverse cyber security community, interconnected in a complex network.
Warrenton Training Center (WTC) is a classified United States government communication complex located in the state of Virginia. Established in 1951, it comprises four discrete stations located in Fauquier and Culpeper counties.
The Global Cyber Security Hall of Fame, founded by Larry Letow and Rick Geritz, was established in 2012 to recognize the contributions of key individuals in the field of cyber security; its mission statement is "Respect the Past – Protect the Future". According to its website, it is designed to honor the innovative individuals and organizations which had the vision and leadership to create the fundamental building blocks for the cybersecurity industry. The organization also highlights major milestones in the industry's 40-year history through a timeline representation, which includes inductees and their corresponding accomplishments.
Certified Penetration Testing Engineer (C)PTE) is an internationally recognized cyber security certification administered by the United States–based information security company Mile2. The accreditation maps to the Committee on National Security Systems' 4013 education certification. The C)PTE certification is considered one of five core cyber security certifications.