FITSP Overview

Who is NIST?

The National Institute of Standards and Technology (NIST) was originally founded in 1901 as the National Bureau of Standards. In 1988 NBS was renamed to NIST and since its original inception in 1901 the agency’s mission has been to promote
U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve the quality of life.

In 2002, Congress passed FISMA (Federal Information Security Management Act) which put the responsibility of developing information security guidance for Federal
agencies in the hands of NIST. This framework of security guidance, standards, and practices is managed by NIST at the following website: http://csrc.nist.gov.

Why FITSP?

Due to ongoing security threats to United States government information systems, the need for highly trained information security professionals within the Federal space has never been higher. Network and cyber attacks continue to become more sophisticated forcing the United States government to qualify the skills of professionals that work on Federal systems. Attempts have been made in the recent past to create a baseline of skills but none has mapped directly to the needs of the Federal government.

As an example, in 2005, the United States Department of Defense mandated a baseline of IT security skills through a directive known as DoD 8570.1. The knowledge verified by the certifications on the 8570.1 directive attempts to validate that IA personnel working
on DoD systems possess an appropriate understanding of the concepts, principles, and applications to enhance the confidentiality, integrity and availability of DoD information, information systems, and networks. While these certifications measure IT security skills
of professionals by validating them against industry best practices, they tend to neglect the direct needs of the federal government.

For many years NIST® (National Institute of Standards and Technologies) has developed standards, guidance, processes and practices for the Federal space regarding IT security and information assurance. There has yet to be a way to validate the skills of IT
security and information assurance workers against this mandated framework. Until now. The FITSP certification synergizes the general knowledge of other security certifications, with the standards and practices that are being used by the United States Federal government.

For the past seven years (since 2002) the United States Congress has been tracking the security posture of Federal agencies with FISMA (Federal Information Security Management Act). Yearly audits are conducted on each agency as to their compliance with NIST standards and a report card is submitted to Congress via OMB (the Office of Management and Budget). In 2007 the collective grading of the entire Federal government was only a C. The end objective of all agencies is to have a security program in place that protects the assets, operations, and people of the government by receiving an "A." While yearly progress has been made in the past six years by most agencies, there is still much work to be done.

The FITSP certification program will help by building awareness of appropriate NIST and other federal standards throughout the workforce and thus help increase the security posture of all Federal agencies.