Abstract
In carrying out its charter to help federal agencies meet their individual information technology (IT) security requirements, the National Institution of Standards and Technology (NIST) must understand what agencies need to meet those requirements. The intial effort to improve NIST\'s ability to identify and assess these agency needs consisted of reviewing existing documented sources of IT security-related requirements and needs, conducting and in-depth study, and establishing ongoing mechanisms to facilitate communication between NIST and agencies. The recently conducted study involved interviews with federal agency staff and a survey in which respondents indicated the importance and immediacy of a set of three dozen candidate needs. Study participants were selected to represent a wide variety of fereal IT security environments, applications, individual perspectives, and data processing environments.
The results of the study contribute to a sound basis for planning future NIST IT security standards, guidance, and related activities. NIST is commited to security standards, guidance, and related activities. NIST is committed to developing and documenting a clear understanding of agency needs in this area and to using the documented, validated, needs as input to its program planning process.
This report documents the study.
Contents
I. Introduction
II. Approach and Methodology
III. Analysis of Survey Data
IV. Findings, Observations, and Discussion