Cybersecurity standards organizations exist to enable the development and promulgation of standards to govern the protection and assurance of networks and data. Among the most prominent cybersecurity standards organizations are:
- Institute of Electrical and Electronics Engineers (IEEE)
- International Organization for Standardization (ISO)
- Internet Corporation for Assigned Names and Numbers (ICANN)
- Internet Engineering Task Force (IETF)
Some cybersecurity standards bodies are voluntary. These organizations derive their influence from experts operating by consensus to drive the adoption and promulgation of standards. Other organizations are mandated by law (e.g., the National Institute of Standards and Technology—NIST) and/or are established by government agencies.
Check Your Knowledge
Choose the best answer to each question:
Question 1
Which of the following US governmental organizations is responsible for advancing measurement science, standards, and technology, including that for computer systems?
FTC
FISMA
NIST
ISO
Incorrect. The Federal Trade Commission (FTC) prevents business practices that are anticompetitive or deceptive or unfair to US consumers. Try again.
Incorrect. The Federal Information Security Management Act (FISMA) assigns responsibilities to various agencies to ensure the security of data in the federal government and requires each agency to inventory its major computer systems, identify and provide appropriate security protections, and develop, document, and implement an agency-wide information security program. Try again.
That's correct. The National Institute of Standards and Technology (NIST) is charged with advancing measurement science, standards, and technology (including computer systems) in the United States.
Incorrect. The International Organization for Standardization (ISO) is a nongovernmental, independent, international standards organization. Try again.
Question 2
Which of the following acts gave the responsibility for developing guidelines for protecting unclassified but sensitive information in government computers to the National Institute of Standards and Technology (NIST)?
Foreign Intelligence Surveillance Act (FISA)
Computer Security Act (CSA)
Federal Information Security Management Act (FISMA)
Internet Engineering Task Force Act (IETFA)
Incorrect. FISA provides procedures for obtaining authorization for investigating potential non-US espionage and terrorism against the United States and does not have the responsibilities listed. Try again.
That's correct. The CSA provided NIST with the responsibility for developing guidelines for protecting unclassified but sensitive information in government computers.
Incorrect. FISMA assigns responsibilities to various agencies to ensure the security of data in the federal government and requires each agency to inventory its major computer systems, identify and provide appropriate security protections, and develop, document, and implement an agency-wide information security program. Try again.
Incorrect. Although there is an Internet Engineering Task Force, it does not have an associated act. Try again.
Question 3
The National Institute of Standards and Technology (NIST) collaborates with which of the following agencies to establish a common foundation for information security across the federal government?
Internet Engineering Task Force (IETF)
US Department of Defense (DoD)
Committee on National Security Systems (CNSS)
none of the above (NIST has full responsibility for this)
The IETF is not an agency that collaborates with NIST; it is an international, nongovernmental standards body. Try again.
The DoD is not charged with collaborating with NIST on establishing a common foundation for information security across the federal government. Try again.
That's correct. The CNSS collaborates with NIST to establish a common foundation for information security across the federal government.
NIST does not have full responsibility for establishing a common foundation for information security across the federal government. Try again.
Question 4
Which of the following acts was signed into law as part of the E-Government Act of 2002 and requires each agency to inventory its major computer systems, identify and provide appropriate security protections, and develop, document, and implement an agency-wide information security program?
Sarbanes-Oxley (SOX)
Federal Information Security Management Act (FISMA)
Gramm–Leach–Bliley Act (GLBA)
Computer Security Act (CSA)
Although SOX was signed into law in 2002, it is not focused on the activities noted. Try again.
That's correct. FISMA was signed into law as part of the E-Government Act of 2002 and requires each agency to inventory its major computer systems, identify and provide appropriate security protections, and develop, document, and implement an agency-wide information security program.
The GLBA was signed into law in 1999 and does not focus on the activities noted. Try again.
The CSA does not focus on the activities noted. Try again.
Question 5
Which of the following organizations is the world's largest developer of nonbinding international standards relating to business and technology? One of its standards provides "guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization."
National Institute of Standards and Technology (NIST)
International Organization for Standardization (ISO)
National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO)
none of the above
Incorrect. NIST does not develop nonbinding international standards. Try again.
That's correct. The ISO is the world's largest developer of nonbinding international standards relating to business and technology, including providing "guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization."
One of the options is not correct. Try again.
One of the options is correct. Try again.