ITL’S USABILITY REPORTING DOCUMENT PROVES USEFUL TO INDUSTRY DEVELOPERS
The recently approved ANSI/INCITS standard, Common Industry Format (CIF) for Usability Test Reports, is already proving to be an effective vehicle for sharing information between software suppliers and customers. Development of the standard was coordinated with industry by our Information Access Division.
Several pilot studies have been conducted which verify the CIF’s usefulness in improving software design and procurement. By using the CIF, software suppliers have found a means to learn more about their customers’ requirements, which allows them to develop products better suited to their customers’ needs; this is expected to greatly reduce development time and result in more usable products. In addition, software consumers are learning more about the use of software in their own organizations and the financial benefits of improving usability by using the CIF. The initial focus of the pilot studies has been on software for upgrades, new software products, and custom applications. Our role in the pilot studies has been to act as a collection and dissemination agent and to facilitate sharing results from the pilot studies to refine the common usability reporting format and the associated metrics.
As a result of initial pilot studies, Oracle, a large supplier of database products, has standardized on the CIF for reporting usability tests within their company. The Boeing Desktop Standards Board voted to adopt the CIF as the Boeing standard for software product usability. Boeing product managers are encouraged to work proactively with suppliers to begin applying the CIF during the design stage of product development. The Boeing Company is an international manufacturing firm that is also a large consumer of software products. In the Oracle/Boeing pilot study, the CIF was used as a communication vehicle for exchanging user requirements and usability data over a one-year period. Based on the last CIF delivered by Oracle, Boeing was able to see that significant usability improvements had been made, resulting in estimates of thousands of dollars in database administrator productivity. Boeing used this information in making the decision to renew the Oracle license for future versions of database software, training, and support.
In another supplier-consumer pilot study, Microsoft and Boeing collaborated to compare the usability of beta releases of Windows 2000 and an earlier version of this operating system. The effort involved joint design of web-based survey tools for estimating the effects of improved product usability. These collected data were used to estimate reduction in the overhead that results when end-users encounter usability problems. There were improvements in successive beta versions and an improvement over the usability of older versions of Windows. Boeing used this data as input to a decision to upgrade desktop systems to Windows 2000.
Several European pilot studies have reported the successful use of CIF in usability requirements for a website, usability requirements for a desktop travel expense reporting system, assessment of a website for e-commerce, and assessment of travel management software.
In addition to its application for software development and procurement, extensions to the CIF are currently being considered for reporting usability testing of hardware, evaluation of websites, universal accessibility, and as a means of documenting user requirements. The ANSI/INCITS-approved CIF standard is currently being proposed to the International Organization for Standardization (ISO), to become an international standard. The CIF has proven its utility to both of its targeted user groups -- usability professionals and corporate decision makers. The CIF was developed by the IUSR group, composed of human factors and software engineers in industry and academia and led by ITL. The ANSI/INCITS CIF standard can be obtained from ANSI or online from the NIST IUSR website http://www.nist.gov/iusr.
ITL Releases Updated Reference Data Set to Fight Computer Crime
A collaboration of NIST, the National Institute of Justice (NIJ), the Federal Bureau of Investigation (FBI), the Defense Computer Forensics Laboratory (DCFL), the U.S. Customs Service, software vendors, and state and local law enforcement organizations, the NSRL is an example of the application of technology to investigate crimes involving computers, such as child pornography, racketeering, cyber-attacks, illegal gambling, Internet fraud, and software piracy.
ITL Publishes Smart Card Interoperability Specifications
The federal government is expanding smart card use among federal employees because of the security features and inherent versatility of smart cards. For example, a single smart card could be used as an identification card, to provide access to secure buildings, to securely log on to computer systems, and to make small purchases. However, the federal government has been reluctant to use smart cards on a large scale primarily due to the lack of interoperability among smart card products.
Scientists in our Computer Security Division have been working with the General Services Administration, other federal agencies, and industry partners for the past several years to establish a Government Smart Card (GSC) program to facilitate widespread deployment of interoperable smart card systems. Specifically, we set out to build a framework for smart card interoperability, enabling broad adoption of this critical technology by the public and private sectors. The mechanism and technical foundation for this framework is the Government Smart Card Interoperability Specification (GSC-IS). The GSC-IS version 2.0 was published on June 27, 2002 as NISTIR 6887.
The GSC-IS lays the groundwork for smart cards to work in an open environment. It defines an architectural model for interoperable smart card service provider modules, compatible with both file system cards and virtual machine cards, that allows smart card application developers to obtain various services (e.g., encryption, authentication, digital signatures, etc.) from GSC-compliant smart cards through a common, interoperable smart card services interface. We have begun introducing the specification into the national and international voluntary standards arena.
The GSC-ISv2.0 is available as NISTIR 6887 at http://smartcard.nist.gov.
UPDATE ON NEW PUBLICATIONS
ITL publishes the results of studies, investigations, research, and conferences. The reports listed below may be available online or ordered from:
National Technical Information Service (NTIS)
5285 Port Royal Road
Springfield, VA 22161
Telephone (703) 605-6000
Rush Service (800) 553-6847
Fax (703) 321-8547 or (703) 321-9038
Home Page: http://www.ntis.gov/onow
By M. Swanson, A. Wohl, T. Grance, J. Hash, L. Pope, and R. Thomas
NIST Special Publication 800-34
June 2002
Online at http://csrc.nist.gov/publications/nistpubs/index.html
The Contingency Planning Guide for Information Technology (IT) Systems provides instructions, recommendations, and considerations for government IT contingency planning. Contingency planning refers to interim measures to recover IT services after an emergency or system disruption. Interim measures may include the relocation of IT systems and operations to an alternate site, the recovery of IT functions using alternate equipment, or the performance of IT functions using manual methods. The information presented in this document addresses specific contingency planning recommendations and provides strategies and techniques common to desktops and portable systems, servers, websites, local area networks, wide area networks, distributed systems, and mainframe systems. The document also defines the following seven-step contingency process that an agency may apply to develop and maintain a viable contingency planning program for their IT systems.
V. McCrary and M. Floyd, Editors
NISTIR 6880
June 2002
Order from NTIS: PB2002-106897, $41.00 paper; $17.00 microfiche
This document contains the proceedings for "DVD 2002: Standards, Applications, Technology" Conference and Exhibition, including biographies and speeches of the keynote speakers.
By J.F. Dray, A. Goldfine, M. Iorga, T. Schwarzhoff, J. Wack
NISTIR 6887
June 2002
Available online at http://smartcard.nist.gov
The Government Smart Card Interoperability Specification (GSC-IS) defines a comprehensive architectural framework for smart card interoperability. The GSC-IS framework establishes a common smart card service provider model that allows applications programmers to access smart card services without regard for the underlying implementation details. The GSC-IS was developed by the Government Smart Card Interagency Advisory Board, a joint committee of federal agencies and industry partners in conjunction with the General Services Administration’s Smart Access Common ID Card contract.
See our new Critical Infrastructure Brochure at http://www.itl.nist.gov/ITLCIPBrochure.pdf.
UPCOMING TECHNICAL CONFERENCES
This workshop will serve as a forum for the acquisitions and security communities to come together and more effectively introduce information security engineering concepts into the federal procurement process.
Date: September 13, 2002
Place: NIST, Gaithersburg, Maryland
Sponsors: NIST, National Information Assurance Partnership (NIAP), and MITRE Corp.
Conference website: http://niap.nist.gov/
ITL technical contact: Terry Losonsky, terrance.losonsky@nist.gov
Biometric Consortium Conference (BC2002)
This conference will appeal to a wide variety of individuals - policy developers and decision makers, industry and government executives, IT users and developers, IT CEOs and product managers, law enforcement officers, system integrators, personal authentication and information security specialists, educators and students, government, industry, and academia researchers. Topics to be covered include utilizing biometric-based solutions for a wide range of applications related to homeland security, the prevention of ID theft, and the integration of these solutions for any identification and verification application.
Dates: September 23-25, 2002
Place: Crystal City, Arlington, Virginia
Sponsors: Biometric Consortium, NIST, and NSA
Conference website: http://www.itl.nist.gov/div895/isis/bc/bc2002/home.htm
ITL technical contact: Fernando Podio, fernando.podio@nist.gov
Information Security Small Business Regional Workshop
NIST, in co-sponsorship with the Small Business Administration and the National Infrastructure Protection Center's InfraGard Program, is holding a series of regional workshops about information security threats and solutions, especially designed for small and medium-sized businesses and not-for-profit organizations. Attendees will have the opportunity to explore practical tools and techniques that can help them to assess, enhance, and maintain the security of their systems.
Date: September 26, 2002, in Chicago, Illinois
Website: http://csrc.nist.gov/Bus_Regional_Mtgs/index.html
ITL technical contact: Alicia Clay, alicia.clay@nist.gov
Third Annual Pervasive Computing Conference (PC2002)
Bringing together the diverse pervasive computing community including researchers, developers, and end users from industry, government, and academia, this conference will address relevant standards, measurement, and aspects of pervasive computing. The emphasis this year is on pervasive computing in healthcare. Topics include pervasive computing hardware, software, new interfaces, wireless computing, applications, and trends.
Dates: October 1-2, 2002
Place: NIST, Gaithersburg, Maryland
Website: http://xsun.sdct.itl.nist.gov/~lewa/
ITL technical contact: Alden Dima, alden.dima@nist.gov
--------------------------------
Disclaimer: Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by the National Institute of Standards and Technology nor does it imply that the products mentioned are necessarily the best available for the purpose.