Committee on National Security Systems
The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policy for the security of the US security systems.
The Committee's primary function is to coordinate and advise on Information Assurance policies.
The CNSS provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems. National security systems are information systems operated by the U.S. Government, its contractors or agents that contain classified information or that:
- Involve intelligence activities;
- Involve cryptographic activities related to national security;
- Involve command and control of military forces;
- Involve equipment that is an integral part of a weapon or weapons system(s); or
- Are critical to the direct fulfillment of military or intelligence missions (not including routine administrative and business applications).
Under Executive Order (E.O.) 13231 of October 16, 2001, Critical Infrastructure Protection in the Information Age, the President redesignated the National Security Telecommunications and Information Systems Security Committee (NSTISSC) as the Committee on National Security Systems (CNSS). The Department of Defense continues to chair the Committee under the authorities established by NSD-42. This was reaffirmed by Executive Order 13284, dated January 23, 2003, Executive Order Amendment of Executive Orders and Other Actions, in Connection with the Transfer of Certain Functions to the Secretary of Homeland Security.
The CNSS is supported by a Subcommittee comprised of representatives from the member organizations on the Committee. The Subcommittee is co-chaired on a rotational basis by CNSS member organizations and meets quarterly. The Subcommittee in conjunction with the Working Groups develops and issues guidelines, instructions, advisory memoranda, technical bulletins, and incident reports.
CNSS Focus Areas and Working Groups
- Global IT
- Information Sharing
- Architecture Information Sharing
- Risk Management
- Risk Assessment Methodology
- Certification & Accreditation
- TEMPEST Advisory Group
- Outreach & Awareness
- Education Training Awareness
- Metrics Assessment Evaluation
- Policy Review (FISMA & Assessment)
- Crypto Modernization
- National Telecom Security
- Classified Information Spillage
- Investment in Detection Response Recovery