National Security Authority (Norway)

The National Security Authority (NSM) (Nasjonal sikkerhetsmyndighet) is a Norwegian security agency (Direktorat) established on 1 January 2003 as the successor to Forsvarets sikkerhetsstab (FO/S). It is responsible for preventative national security, ICT security matters, including the national CERT (NorCERT), identifying national objects of special interest and reducing their vulnerability to internal and external threats. The agency performs threat analysis at the national level, and is also known to work with experts on computer security and with data encryption. The cooperation with the Police Security Agency (PST) and the Norwegian Intelligence Service (NIS) has been identified as a very important part of the task of maintaining an overview of potential threats to objects, and instituting proactive activities.

NSM also cooperates with the Directorate for Civil Protection and Emergency Planning (DSB), to prevent loss of life and maintain health, environment, important society functions, and material assets in connection with accidents, catastrophes, terrorism and other unwanted events in peace, crisis and war.

NSM is administratively governed and funded by the Ministry of Defense, but also reports to the Ministry of Justice and the Police in civilian matters.

Organizational structure
NSM is currently (as of 29 March 2007) organized in four technical/specialized departments and two administrative/support departments:



Legal/political basis

 * Security Act
 * Defence Secrets Act
 * Defence Inventions Act
 * Arrangement on certification of information systems and products (SERTIT)
 * Coordinating role in preventative work and responses against IT security breaches aimed at critical national infrastructure (CNI) in Norway. (NorCERT)



Security Act
NSM have the following responsibilities pursuant of the Security Act:
 * Gathering and analyzing of information relevant for preventative security services
 * Information, advice and guidance
 * Oversight and Inspections
 * Development of security measures (R&D when needed)
 * National and international cooperation
 * Monitoring of information systems
 * Technical Security Counter Measures (TSCM)
 * Production and accounting of encryption material
 * Central Personnel and Facility Security Clearance Registry
 * Body of Appeal when Security Clearance is denied