NIST takes over security evaluation
s the United States embraces a new international evaluation scheme for secure computer products, a National Security Agency program that tests and issues assessments and ratings of such products is being shifted to the National Institute of Standards and Technology-although NSA will remain involved. Under the new arrangement, called the National Information Assurance Partnership, NIST will accredit private laboratories to do the testing, then validate the results and maintain a validated products list for use by federal agencies and anyone else.
As with NSA's Trust Technology Assessment Program, companies will submit their products for evaluation. NIST and NSA officials hope manufacturers will become more enthusiastic about getting products evaluated once the National Information Assurance Partnership evaluations are recognized by major European nations, expanding the market for certified-secure U.S. hardware and software.