The National Institute of Standards and Technology, or NIST, is a non-regulatory federal agency under the Department of Commerce headquartered in Gaithersburg, Maryland. A NIST certification is important because it supports and develops measurement standards for a particular service or product. It is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems. The Federal Information Security Management Act (FISMA) requires that all federal agencies develop and apply an information security program with specific requirements. If a product does not meet the minimum requirements/standards, which are determined by NIST, then it cannot be used. The Special Publication 800 (SP 800) certification provides separate requirements for information technology security publications. SP 800 helps ensure software vendors meet government information technology security standards. NIST-certified products are tested in order to guarantee their accuracy. The certification standards are derived from Information Technology Laboratory (ITL) research, guidelines, and outreach efforts in computer security and collaborative activities with the government, academic organizations, and their particular industry.
Posted on December 16, 2009