National Institute of Standards and Technology and the National Security Agency's Memorandum of Understanding on Implementing the Computer Security Act of 1987

T-IMTEC-89-7: Published: May 4, 1989. Publicly Released: May 4, 1989.

Additional Materials:


Office of Public Affairs
(202) 512-4800

GAO discussed the memorandum of understanding between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) regarding the implementation of the Computer Security Act of 1987. GAO noted that, under the memorandum: (1) NIST was responsible for appointing a computer security and privacy advisory board, applying NSA security guidelines to the extent they were consistent with requirements for protecting sensitive information, recognizing NSA-certified ratings of systems without requiring additional evaluation, and developing standards for protecting sensitive unclassified data; (2) NSA was responsible for providing NIST with technical guidelines regarding security and technology research, responding to NIST requests on all cryptography matters, establishing standards and endorsing products for application to secure military systems, and assessing hostile intelligence threats against federal information systems; and (3) NIST and NSA agreed to jointly review agencies' security plans, exchange technical standards and guidelines, avoid duplicative effort, exchange work plans, and establish a technical working group. GAO believes that the memorandum may provide NSA with more than the legislatively intended consultative role in securing federal agency handling of sensitive, unclassified information, since the memorandum does not adequately specify NIST authority over NSA responsibilities and involvement in NIST functions.

Sep 20, 2016

Sep 15, 2016

Jun 29, 2016

Jun 21, 2016

Apr 28, 2016

Apr 14, 2016

Apr 12, 2016

Mar 23, 2016

Dec 17, 2015

Nov 17, 2015

Looking for more? Browse all our products here