
Documentation

Annual Reports

All annual reports after 1995 are found on the GSA web page at: Federal Advisory Committee Act (FACA). When you reach the site, click on FACA Database (Version 1 - 1997 - 2013), which contains the data added from the fall of 1997 through May of 2013. To view reports and information beyond May 2013, select “SEARCH” (the third tab from the left, second from the right) and enter “Information Security” to reach the page for the Information Security and Privacy Advisory Board.

An annual report is included in the NIST Computer Security Division Annual Report, and the ISPAB report for 2012 can be found on pages 31-33 of NIST Special Publication 800-165, Computer Security Division 2012 Annual Report.



Recommendations & Resolutions

January 2014

NIST Cybersecurity Framework
A letter was submitted to the Director, OMB and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, recommending the inclusion of a privacy methodology consistent with the Fair Information Practice Principles (FIPPs). The letter also commended NIST’s work and collaboration in drafting the preliminary framework.

Letter to The Honorable Sylvia Mathews Burwell, Director, U.S. Office of Management and Budget, Washington, DC, and
Dr. Patrick Gallagher, Under Secretary of Commerce for Standards and Technology; Director, National Institute of Standards and Technology

January 2014

NIST Cryptographic Standards
After reviewing NIST cryptographic standards at the Board’s December 2013 meeting, the Board submitted a letter to the Director, OMB and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, commending NIST’s encryption standards development process and NIST’s interest in exploring new institutional partnerships to build on the credibility of its program.

Letter to The Honorable Sylvia Mathews Burwell, Director, U.S. Office of Management and Budget, Washington, DC, and
Dr. Patrick Gallagher, Under Secretary of Commerce for Standards and Technology; Director, National Institute of Standards and Technology

June 2013

Submission of comments to FDA draft guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”
In response to FDA’s draft guidance issued on June 14, 2013, ISPAB submitted the recommendation letter sent to OMB in April 2012 as comments.

Letter to Division of Dockets Management (HFA 305), Food and Drug Administration, Rockville, MD.

June 2013

NIST Cybersecurity Framework
A letter was submitted to the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, recommending that NIST, DHS, and the sector agencies engage the leadership of the NIPP SCCs and GCCs in the creation of the Framework.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

March 2013

NIST Special Publication 800-53 Revision 4
A letter was submitted to the Deputy Director, US Office of Management and Budget, describing the reasons for ISPAB support for the adoption of this publication.

Letter to The Honorable Jeffery Zients, Deputy Director, U.S. Office of Management and Budget, Washington, DC.

February 2013

Privacy and Civil Liberties Oversight Board (PCLOB)
A letter of recommendation was submitted to the Deputy Director, US Office of Management and Budget, and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology. The letter conveys the ISPAB’s support for establishing the PCLOB so that it can serve the role intended in the President’s Executive Order (EO) on Improving Critical Infrastructure Cybersecurity.

Letter to The Honorable Jeffery Zients, Deputy Director, U.S. Office of Management and Budget, Washington, DC.

July 2012

A letter of recommendations was submitted to the Deputy Director, US Office of Management and Budget, relating to the discussion on sharing information on cyber threats and indicators.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

April 2012

The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the risks of outdated computer operating systems used by Federal Agencies.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

April 2012

The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the importance of maintaining security in medical devices.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

February 2012

The letter provides recommendations to the Under Secretary of Commerce for Standards and Technology for raising national awareness in future Cybersecurity Awareness Months.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

November 2011

The letter requests that the Under Secretary of Commerce for Standards and Technology review a paper presented by Dr. Fred Schneider. Dr. Schneider's work, done in collaboration with Deirdre Mulligan, discusses the need to build a shared understanding of cyber security doctrine as a key underpinning of cyber policy and practice.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

March 2011

The letter offers recommendations to the Under Secretary regarding goals for a research program to support NSTIC.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

September 2010

The letter provides initial recommendations to OMB on leadership for Initiative 8 of the Comprehensive National Cybersecurity Initiative, regarding Cyber Education. This is intended to help NIST, OMB, and the Administration in addressing certain gaps to enhance the chances for success at the outset of its leadership for this key national program.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

January 2010

This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding some difficult technical problems concerning security and privacy for access to patient data. It discusses two technical areas that have particular importance in IT for healthcare delivery in building trustworthy computing systems.

Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.

October 2009

This letter offers recommendations of the Information Security and Privacy Advisory Board to the NIST ITL Director on their proposed reorganization, and specifically those elements of the reorganization that would impact the Computer Security Division and NIST’s overall role regarding Federal agency information security.

Letter to Ms. Cita Furlani, Director, Information Technology Laboratory, National Institute of Standards and Technology.

May 2009

This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding updating privacy law and policy in light of technological change.

Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.

December 2008

Einstein Program Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the Einstein Program.

Letter to The Honorable Jim Nussle, Director, Office of Management and Budget.

July 2008

FISMA Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the efficacy of security metrics in regard to FISMA.

Letter to The Honorable Jim Nussle, Director, Office of Management and Budget.

July 2008

EBK Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the information Security Essential Body of Knowledge (EBK) project.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

September 2007

COOP Letter:
This letter offers the recommendation of the Information Security and Privacy Advisory Board that OMB and NIST work with DHS and other involved agencies to issue guidance on incorporating sound security and privacy practices into emergency response.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

September 2007

REAL ID Letter:
This letter offers the comments and advice of the Information Security and Privacy Advisory Board, its concept of the issues, and its views on the Real ID program’s use of encryption.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

June 2006

Subject: This letter offers the comments and advice of the Information Security and Privacy Advisory Board, on progress of the National Information Assurance Program (NIAP) review since its initiation in mid-2004. It provided recommendations on the key issues with NIAP.

Letter to The Honorable Rob Portman, Director, Office of Management and Budget.

January 2005

This letter offers the comments and advice of the Information Security and Privacy Advisory Board, on Section 522 of the Consolidated Appropriations Act of 2005, Division H Transportation/Treasury, which provides for the establishment of statutory Chief Privacy Officers in Federal departments and agencies and prescribes certain actions to meet Federal government privacy management responsibilities.

August 2004

The Board produced the report "The National Institute of Standards and Technology Computer Security Division: The Case for Adequate Funding" in June 2004. A letter transmitting the final report and Board recommendations for consideration was submitted to the Honorable Joshua B. Bolten, Director of the Office of Management and Budget.

August 2002

The Final Report "Computer System Security and Privacy Advisory Board Findings and Recommendations on Government Privacy Policy Setting and Management" was approved by the Board at their September 17-19, 2002, meeting.



White Paper



Board Correspondence

June 2013

Submission of comments to FDA draft guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”
In response to FDA’s draft guidance issued on June 14, 2013, ISPAB submitted the recommendation letter sent to OMB in April 2012 as comments.

Letter to Division of Dockets Management (HFA 305), Food and Drug Administration, Rockville, MD.

June 2013

NIST Cybersecurity Framework
A letter was submitted to the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology, recommending that NIST, DHS, and the sector agencies engage the leadership of the NIPP SCCs and GCCs in the creation of the Framework.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

March 2013

NIST Special Publication 800-53 Revision 4
A letter was submitted to the Deputy Director, US Office of Management and Budget, describing the reasons for ISPAB support for the adoption of this publication.

Letter to The Honorable Jeffery Zients, Deputy Director, U.S. Office of Management and Budget, Washington, DC.

February 2013

Privacy and Civil Liberties Oversight Board (PCLOB)
A letter of recommendation was submitted to the Deputy Director, US Office of Management and Budget, and the Under Secretary of Commerce for Standards and Technology, Director, National Institute of Standards and Technology. The letter conveys the ISPAB’s support for establishing the PCLOB so that it can serve the role intended in the President’s Executive Order (EO) on Improving Critical Infrastructure Cybersecurity.

Letter to The Honorable Jeffery Zients, Deputy Director, U.S. Office of Management and Budget, Washington, DC.

April 2012

The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the importance of maintaining security in medical devices.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

April 2012

The letter provides recommendations to the Deputy Director, US Office of Management and Budget, on the risks of outdated computer operating systems used by Federal Agencies.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

February 2012

The letter provides recommendations to the Under Secretary of Commerce for Standards and Technology for raising national awareness in future Cybersecurity Awareness Months.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

November 2011

The letter requests that the Under Secretary of Commerce for Standards and Technology review a paper presented by Dr. Fred Schneider. Dr. Schneider's work, done in collaboration with Deirdre Mulligan, discusses the need to build a shared understanding of cyber security doctrine as a key underpinning of cyber policy and practice.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

March 2011

The letter offers recommendations to the Under Secretary regarding goals for a research program to support NSTIC.

Letter to The Honorable Patrick Gallagher, Under Secretary of Commerce for Standards and Technology, Director, NIST, Gaithersburg, MD.

September 2010

The letter provides initial recommendations to OMB on leadership for Initiative 8 of the Comprehensive National Cybersecurity Initiative, regarding Cyber Education. This is intended to help NIST, OMB, and the Administration in addressing certain gaps to enhance the chances for success at the outset of its leadership for this key national program.

Letter to The Honorable Jeffery Zients, Acting Director, U.S. Office of Management and Budget, Washington, DC.

January 2010

This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding some difficult technical problems concerning security and privacy for access to patient data. It discusses two technical areas that have particular importance in IT for healthcare delivery in building trustworthy computing systems.

Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.

October 2009

This letter offers recommendations of the Information Security and Privacy Advisory Board to the NIST ITL Director on their proposed reorganization, and specifically those elements of the reorganization that would impact the Computer Security Division and NIST’s overall role regarding Federal agency information security.

Letter to Ms. Cita Furlani, Director, Information Technology Laboratory, National Institute of Standards and Technology.

May 2009

This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding updating privacy law and policy in light of technological change.

Letter to The Honorable Peter Orszag, Director, Office of Management and Budget.

December 2008

Einstein Program Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the Einstein Program.

Letter to The Honorable Jim Nussle, Director, Office of Management and Budget.

July 2008

FISMA Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the efficacy of security metrics in regard to FISMA.

Letter to The Honorable Jim Nussle, Director, Office of Management and Budget.

July 2008

EBK Letter:
This letter offers recommendations of the Information Security and Privacy Advisory Board to OMB regarding the information Security Essential Body of Knowledge (EBK) project.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

September 2007

COOP Letter:
This letter offers the recommendation of the Information Security and Privacy Advisory Board that OMB and NIST work with DHS and other involved agencies to issue guidance on incorporating sound security and privacy practices into emergency response.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

September 2007

REAL ID Letter:
This letter offers the comments and advice of the Information Security and Privacy Advisory Board, its concept of the issues, and its views on the Real ID program’s use of encryption.

Letter to The Honorable Karen Evans, Administrator for Electronic Government and Information Technology, Office of Management and Budget.

June 2006

Subject: The Board has followed the progress of the National Information Assurance Program (NIAP) review since its initiation in mid-2004 and has received several progress briefings on the review, most recently at its March 2006 meeting. While the final report of the review has still not been released, the March briefing gave the Board a clear sense of the direction that the review has taken.

Letter to The Honorable Rob Portman, Director, Office of Management and Budget.

September 15, 2004

Subject: Report on funding for the cyber security program at the National Institute of Standards and Technology (NIST) prepared by ISPAB.

Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.

June 2004

Subject: Request for Board's advice on a list of activities that would be useful for both the Board and NIST to meet our respective statutory responsibilities for FY 2005.

Letter to Mr. Franklin S. Reeder, Chairman, Information Security and Privacy Advisory Board (ISPAB). From Mr. Ed Roback, Division Chief, Computer Security Division, NIST.

October 30, 2003

Subject: The issue of agencies using Web-based transactions to provide "e-government" services to members of the public. A key issue was whether (and how) an application might place program code (often referred to as "plug-ins" or "mobile code") into the user's browser.

Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.

August 20, 2003

Subject: The e-Authentication initiative and the importance of establishing privacy policies and practices as mandatory components of technical models and systems being considered to support e-authentication services.

Letter to The Honorable Joshua B. Bolten, Director, Office of Management and Budget.

April 8, 2003

Subject: Discussion of considerations the Board feels are important to the ongoing development of the National Strategy to Secure Cyberspace, issued February, 2003.

Letter to The Honorable Mitchell E. Daniels, Jr., Director, Office of Management and Budget.

December 20, 2002

Subject: The Board's observations and recommendations on the September draft of the Strategy to Secure Cyberspace.

Letter to Mr. David Howe, Chief of Staff, Office of Cyberspace Security.

May 20, 2002

Subject: Final draft of a report of the Computer System Security and Privacy Advisory Board adopted at its March 2002 meeting.

Letter to The Honorable Donald L. Evans, Secretary of Commerce.

December 14, 2001

Subject: Support of initiative of the National Security Council and the Partnership for Critical Infrastructure Security to educate home users and small business owners on computer security measures.

Letter to The Honorable Donald L. Evans, Secretary of Commerce.

April 9, 2001

Subject: Board's views on the Subcommittee's publication "First Report Card on Computer Security at Federal Departments and Agencies."

Letter to The Honorable Stephen Horn, Chairman, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, House Committee on Government Reform.

If you have any questions or need information please e-mail Matthew Scholl.