The Information Technology Security and Networking (ITSN) Division organizationally resides in the Office of the Chief Information Officer, NIST. The ITSN is the focal point for addressing NIST-wide information technology (IT) security issues. Functions of the ITSN include establishing, implementing, and testing information security policies, procedures, and technologies for NIST's administrative and scientific environments. The ITSN also investigates computer security breaches by a NIST user or through a NIST system. To report a security incident or to discuss an IT concern related to NIST, contact the IT Security Officer at nist-itso [at] nist.gov (nist-itso[at]nist[dot]gov) or 301-975-5375.
All non-public users of NIST information technology are required to read, acknowledge, and sign the NIST Policy on IT Resources Access and Use. The NIST Policy on IT Resources Access and Use is located at: policy_accnuse.cfm and the signature page is located at: memo_accessnuse_sign.cfm. The signature page must be signed, dated and mailed to NIST iTAC, 100 Bureau Drive, Gaithersburg, MD 20899-1820.
The role of the ITSN should not be confused with that of the Information Technology Laboratory's Computer Security Division. Under the Computer Security Act of 1987, the Computer Security Division develops security standards and guidelines for sensitive (unclassified) Federal IT systems and works with industry to help improve the security of commercial IT products. The Division has key focused activities in the areas of cryptographic standards and applications, security of emerging technologies, security management, and security testing. The ITSO benefits from having access to subject matter experts, and the division benefits from having the environment to apply the research conducted and to contribute operational experience to its activities. For more information on the ITL Computer Security Division, see http://csrc.nist.gov.