Cybersecurity Standards Organizations

Cybersecurity standards organizations exist to enable the development and promulgation of standards to govern the protection and assurance of networks and data. Among the most prominent cybersecurity standards organizations are:

  • Institute of Electrical and Electronics Engineers (IEEE)
  • International Organization for Standardization (ISO)
  • Internet Corporation for Assigned Names and Numbers (ICANN)
  • Internet Engineering Task Force (IETF)

Some cybersecurity standards bodies are voluntary. These organizations derive their influence from experts operating by consensus to drive the adoption and promulgation of standards. Other organizations are mandated by law (e.g., the National Institute of Standards and Technology—NIST) and/or are established by government agencies.

Check Your Knowledge

Choose the best answer to each question:
Question 1
Which of the following US governmental organizations is responsible for advancing measurement science, standards, and technology, including that for computer systems?
FTC
FISMA
NIST
ISO
Question 2
Which of the following acts gave the responsibility for developing guidelines for protecting unclassified but sensitive information in government computers to the National Institute of Standards and Technology (NIST)?
Foreign Intelligence Surveillance Act (FISA)
Computer Security Act (CSA)
Federal Information Security Management Act (FISMA)
Internet Engineering Task Force Act (IETFA)
Question 3
The National Institute of Standards and Technology (NIST) collaborates with which of the following agencies to establish a common foundation for information security across the federal government?
Internet Engineering Task Force (IETF)
US Department of Defense (DoD)
Committee on National Security Systems (CNSS)
none of the above (NIST has full responsibility for this)
Question 4
Which of the following acts was signed into law as part of the E-Government Act of 2002 and requires each agency to inventory its major computer systems, identify and provide appropriate security protections, and develop, document, and implement an agency-wide information security program?
Sarbanes-Oxley (SOX)
Federal Information Security Management Act (FISMA)
Gramm–Leach–Bliley Act (GLBA)
Computer Security Act (CSA)
Question 5
Which of the following organizations is the world's largest developer of nonbinding international standards relating to business and technology? One of its standards provides "guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization."
National Institute of Standards and Technology (NIST)
International Organization for Standardization (ISO)
National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO)
none of the above