E.2 U.S. Government Organizations

You will find helpful information at the following U.S. government organizations.

E.2.1 National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (formerly the National Bureau of Standards) has been charged with the development of computer security standards and evaluation methods for applications not involving the Department of Defense. Its efforts include research as well as developing standards.

Contact NIST and obtain more information on their activities at:

NIST Computer Security Division

100 Bureau Drive

Mail Stop 8930

Gaithersburg, MD 20899-8930

(301) 975-2934

http://www.nist.gov

NIST operates the Computer Security Resource Center:

http://csrc.nist.gov/

E.2.2 National Security Agency (NSA)

The NSA maintains lists of evaluated and certified products, as well as technical information about security, especially cryptography. Linux users may be interested in the NSA Secure Linux program, a set of kernel patches that enhances ^[1] Linux security. NSA also operates the National Cryptologic Museum in Maryland and has an online museum of cryptology.

^[1] We need to reinforce that here ”they enhance security. The underlying security of Linux is not guaranteed by these patches, nor do the SELinux patches address all known problems. They are a proof-of-concept for the community to observe and (we hope) adopt.

Find out more from the NSA web site at:

http://www.nsa.gov.

Also available from the site are a number of helpful configuration guides for common operating systems and routers. These guides provide helpful tips on changing default configurations to support better security and control.