National Institute of Standards and Technology and the National Security Agency's Memorandum of Understanding on Implementing the Computer Security Act of 1987

T-IMTEC-89-7: Published: May 4, 1989. Publicly Released: May 4, 1989.

Additional Materials:


Office of Public Affairs
(202) 512-4800

GAO discussed the memorandum of understanding between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) regarding the implementation of the Computer Security Act of 1987. GAO noted that, under the memorandum: (1) NIST was responsible for appointing a computer security and privacy advisory board, applying NSA security guidelines to the extent they were consistent with requirements for protecting sensitive information, recognizing NSA-certified ratings of systems without requiring additional evaluation, and developing standards for protecting sensitive unclassified data; (2) NSA was responsible for providing NIST with technical guidelines regarding security and technology research, responding to NIST requests on all cryptography matters, establishing standards and endorsing products for application to secure military systems, and assessing hostile intelligence threats against federal information systems; and (3) NIST and NSA agreed to jointly review agencies' security plans, exchange technical standards and guidelines, avoid duplicative effort, exchange work plans, and establish a technical working group. GAO believes that the memorandum may provide NSA with more than the legislatively intended consultative role in securing federal agency handling of sensitive, unclassified information, since the memorandum does not adequately specify NIST authority over NSA responsibilities and involvement in NIST functions.

Sep 17, 2020

Sep 16, 2020

Aug 18, 2020

May 27, 2020

May 13, 2020

Apr 24, 2020

Apr 13, 2020

Feb 11, 2020

Dec 12, 2019

Sep 25, 2019

Looking for more? Browse all our products here