[Federal Register Volume 65, Number 102 (Thursday, May 25, 2000)]
[Notices]
[Pages 33808-33809]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-13144]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology


Announcing a Meeting of the Computer System Security and Privacy 
Advisory Board

AGENCY: National Institute of Standards and Technology.

ACTION: Notice of meeting.

-----------------------------------------------------------------------

[[Page 33809]]

SUMMARY: Pursuant to the Federal Advisory Committee Act, 5 U.S.C. App., 
notice is hereby given that the Computer System Security and Privacy 
Advisory Board (CSSPAB) will meet Tuesday, June 13, 2000, Wednesday, 
June 14, 2000, and Thursday, June 15, 2000, from 9:00 a.m. to 5:00 p.m. 
The Advisory Board was established by the Computer Security Act of 1987 
(Pub. L. 100-235) to advise the Secretary of Commerce and the Director 
of NIST on security and privacy issues pertaining to federal computer 
systems. All sessions will be open to the public Details regarding the 
Board's activities are available at http://csrc.nist.gov/csspab/.

DATES: The meeting will be held on June 13-15, 2000, from 9 a.m. to 5 
p.m.

ADDRESSES: The meeting will take place at the National Institute of 
Standards and Technology, North Campus, 820 West Diamond Avenue, 
Gaithersburg, MD in Lecture Room 152.

Agenda

    As part of this meeting, a ``security metrics'' workshop will be 
held on June 13 and 14, 2000, to examine the approaches to measuring 
security. The following topics will be explored:
--Definitions of ``metrics''
--Measures of security against specific security threats
--Measures of overall system security
--Qualitative measures, e.g., adherence to ``standards'' or checklists 
of practices
--Live, real-time measures of security in extended networks
--Use of statistically-sampled data in measurement systems
--Effective communications of metrics, assurance levels and risk 
management tradeoffs to executives, lawmakers, and the public so that 
risks and protections are properly understood in both business and 
public policy terms.

    The first day of this workshop will be dedicated to presentations 
from the government, the private sector, and public sector 
organizations. The second day will consist of case studies presented by 
a government panel and an industry panel.
    The last day of the meeting, Thursday, June 15, 2000, the Board 
will review the progress of the workshop and, as appropriate, plan or 
recommend follow-on activity. The Board will also devote discussion 
period to develop the Board's future program and to identify key 
issues.

Public Participation

    The Board agenda will include a period of time, not to exceed 
thirty minutes, for oral comments and questions from the public. Each 
speaker will be limited to five minutes. Members of the public who are 
interested in speaking are asked to contact the Board Secretariat at 
the telephone number indicated below. In addition, written statements 
are invited and may be submitted to the Board. It would be appreciated 
if 35 copies of written material were available for distribution to the 
Board and attendees at the meeting no later than June 5, 2000. 
Approximately 15 seats will be available for the public and media.

FOR FURTHER INFORMATION CONTACT: Mr. Edward Roback, Board Secretariat, 
Information Technology Laboratory, National Institute of Standards and 
Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930, 
telephone: (301) 975-3696.

    Dated: May 18, 2000.
Jorge Urrutia,
Acting Director, NIST.
[FR Doc. 00-13144 Filed 5-24-00; 8:45 am]
BILLING CODE 3510-CN-M