Shopping for secure technology solutions can be confusing, and this confusion often arises out of the myriad of standards and approval bodies that companies advertise in their marketing materials. Making sense of who these organizations are and what they do can help to keep you informed as you evaluate your technology options, so we've compiled a brief overview of what to look for.
IETF The Internet Engineering Task Force is an open standards organization which develops and promotes voluntary Internet standards. The IETF's Internet standards are widely used across the web, and it is this standardization that has contributed to the web's universality. An example of a commonly-used IETF standard is the Uniform Resource Locator, or URL, which is used to locate websites. By standardizing along this common format, the web has become more useful for everyone by making it easy to find websites and other online resources.
All of the IETF's internet standards go through a lengthy review process during which time experts critique proposals and work to improve them. As a result, you can be confident that a technology or protocol which has been accepted as an IETF internet standard will work as it is intended.
NIST The National Institute of of Standards and Technology is a physical sciences laboratory that operates under the United States Department of Commerce. NIST's mission is to "promote innovation and industrial competitiveness", and it strives to do this through a series of offices and initiatives which focus on various sectors of the economy. The Computer Security Resource Center (CSRC) is the most relevant to consumers looking for technology solutions, as it deals with things like approved cryptographic algorithms and digital signature algorithms. NIST is responsible for certifying cryptographic algorithms for use in U.S. Government systems, and also certifies algorithms for use in other levels of secure systems. Algorithms that NIST has approved for use by the U.S. Government are generally regarded as being highly secure, and include the popular AES algorithm. If a technology you are considering uses a NIST-approved encryption algorithm, you can be sure that it has been vetted by professionals, and it should be easy to find published documentation about NIST's assessment of that system.
ISO The International Organization for Standardization is an independent, non-governmental organization with a membership of 165 national standards bodies. Through ISO, representatives from member organizations collaborate to set standards in a variety of industries around the world. Not unlike NIST, ISO's mission is to define standards that boost industrial and economic efficiency. Most ISO standards are copyright-protected and must be purchased for use, but about 300 of these standards are available free-of-charge for public use. Most of these free standards were jointly developed by ISO and the International Electrotechnical Commission (IEC).
IEC The International Electrotechnical Commission is a global, not-for-profit membership organization, whose work facilitates technical innovation, affordable infrastructure development, efficient and sustainable energy access, smart urbanization and transportation systems, climate change mitigation, and increased personal and environmental safety. It is considered a leading organization for the preparation and publication of international standards for all electrical, electronic, and related technologies ("electrotechnology"). The IEC International Standards serve as the basis for risk and quality management and are used in testing and certification to verify that manufacturers' claims are true.
TIA The Telecommunications Industry Association is a standards developing organization that creates standards and technical documents based on guidelines established by the American National Standards Institute (ANSI) as a standards developing organization. TIA operates nine engineering committees that develop guidelines for private radio equipment, cellular towers, VoIP, structured cabling, satellites, telephone terminal equipment, accessibility, data centres, mobile device communications, vehicular telematics, smart device communications, and smart utility mesh networks.
To ensure that these standards become globally established, TIA collaborates with the International Telecommunication Union (ITU), the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC).
W3C The World Wide Web Consortium is a leading standards body in web development. W3C develops standards and guidelines for the web, primarily in the areas of website coding and usability. W3C standards define an Open Web Platform for application development that has the unprecedented potential to enable developers to build rich interactive experiences, powered by vast data stores, that are available on any device.
WSA The Website Standards Association is an organization that sets technical and business functionality standards for websites. WSA has developed standards in the areas of business purpose, internet marketing, website usability, and technology which improves the effectiveness of business websites.
