

1. Awareness for Home Users and Small Businesses
This task force works to regenerate the outreach initiated by the National Cyber Security Alliance through online programs such as Stay Safe Online and Cyber Citizen. Task force members have provided their perspectives on best practices in education and awareness and have made suggestions for how a public/private national outreach awareness campaign can reach 50 million home users and small businesses within one year, using paid and earned media, ISPs, security vendors and other outlets.

Executive Summary (PDF)
Full Report (PDF)

2. Cyber Security Early Warning
This task force tracks Priority #1 of the National Strategy — a national cyber security response system. The challenge is to improve the sharing, integration and dissemination of information about vulnerabilities, threats and incidents among distributed information systems, at both the technological level and the organizational, human level. The goal is to build a system in which critical information is distributed in a timely way before an incident occurs.

Early Warning Contact Network (EWAN) Executive Summary (PDF)

National Crisis Coordination Center (NCCC) Executive Summary (PDF)

3. Security Across the Software Development Life Cycle
Task force members have considered how to achieve meaningful and measurable vulnerability reductions through collaborative standards, tools and measures for software; new tools and methods for rapid patch deployment; and best-practice adoption across the entire critical infrastructure. The work has included discussion of how to build — and how to teach building — secure software from the ground up, as an embedded and simple feature in all software systems going forward. This important task force is composed of software experts from the vendor, systems integration and end-user communities.

Executive Summary (PDF)
Full Report (PDF)

Software Subgroup Appendix (PDF)

4. Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.

Full Report (PDF)
Process and Statistical Appendix (PPT)

5. Technical Standards and Common Criteria
This task force pursued a wide-ranging goal with respect to technical standards, and a more focused objective with respect to the federal government’s Common Criteria. The task force has worked on bringing together experts within the private sector and leading research universities to develop new tools, technologies or practices that can reduce vulnerabilities at every level — from the federal government to large and small enterprises and individual home users. The Common Criteria focus has resulted in recommendations for improving the system as it pertains to industry compliance and for how federal agencies can use and implement the system more effectively for their own purposes.

Executive Summary (PDF)
Full Report (PDF)