National Institute of Standards and Technology and the National Security Agency's Memorandum of Understanding on Implementing the Computer Security Act of 1987

T-IMTEC-89-7: Published: May 4, 1989. Publicly Released: May 4, 1989.

Additional Materials:


Office of Public Affairs
(202) 512-4800

GAO discussed the memorandum of understanding between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) regarding the implementation of the Computer Security Act of 1987. GAO noted that, under the memorandum: (1) NIST was responsible for appointing a computer security and privacy advisory board, applying NSA security guidelines to the extent they were consistent with requirements for protecting sensitive information, recognizing NSA-certified ratings of systems without requiring additional evaluation, and developing standards for protecting sensitive unclassified data; (2) NSA was responsible for providing NIST with technical guidelines regarding security and technology research, responding to NIST requests on all cryptography matters, establishing standards and endorsing products for application to secure military systems, and assessing hostile intelligence threats against federal information systems; and (3) NIST and NSA agreed to jointly review agencies' security plans, exchange technical standards and guidelines, avoid duplicative effort, exchange work plans, and establish a technical working group. GAO believes that the memorandum may provide NSA with more than the legislatively intended consultative role in securing federal agency handling of sensitive, unclassified information, since the memorandum does not adequately specify NIST authority over NSA responsibilities and involvement in NIST functions.

Sep 28, 2017

Aug 3, 2017

Jul 27, 2017

Jul 26, 2017

May 31, 2017

May 23, 2017

Apr 4, 2017

Mar 30, 2017

Mar 28, 2017

Feb 14, 2017

Looking for more? Browse all our products here