National Cybersecurity Center of Excellence (NCCoE) and Financial Services Sector IT Asset Management Use Case, 25833-25834 [2014-10349]
Download as PDF
<![CDATA[
Federal Register / Vol. 79, No. 87 / Tuesday, May 6, 2014 / Notices
throughout 2013. The Committee’s
charter expires June 18, 2014.
The meeting is open to the public.
Members of the public wishing to attend
the conference call must notify Mr.
Ryan Mulholland at the contact
information above by 5 p.m. EDT on
Friday, May 9, in order to pre-register
and receive call-in instructions. Please
specify any request for reasonable
accommodation by Friday, May 9. Last
minute requests will be accepted, but
may be impossible to fill.
Any member of the public may
submit pertinent written comments
concerning the RE&EEAC’s affairs at any
time before or after the meeting.
Comments may be submitted to
ryan.mulholland@trade.gov or to the
Renewable Energy and Energy
Efficiency Advisory Committee, Office
of Energy and Environmental
Technologies Industries (OEEI),
International Trade Administration,
Room 4053; 1401 Constitution Avenue
NW., Washington, DC 20230. To be
considered during the meeting,
comments must be received no later
than 5 p.m. EDT on Friday, May 9, 2014,
to ensure transmission to the Committee
prior to the meeting. Comments
received after that date will be
distributed to the members, but may not
be considered at the meeting.
Copies of RE&EEAC meeting minutes
will be available within 30 days of the
meeting.
Dated: April 24, 2014.
Catherine P. Vial,
Team Leader for Environmental Industries,
Office of Energy and Environmental
Industries.
[FR Doc. 2014–09877 Filed 5–5–14; 8:45 am]
BILLING CODE 3510–DR–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 140321260–4260–01]
National Cybersecurity Center of
Excellence (NCCoE) and Financial
Services Sector IT Asset Management
Use Case
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
sroberts on DSK5SPTVN1PROD with NOTICES
AGENCY:
The National Institute of
Standards and Technology (NIST)
invites organizations to provide
products and technical expertise to
support and demonstrate security
platforms for IT asset management for
the financial services sector. This notice
SUMMARY:
VerDate Mar<15>2010
17:34 May 05, 2014
Jkt 232001
is the initial step for the National
Cybersecurity Center of Excellence
(NCCoE) in collaborating with
technology companies to address
cybersecurity challenges identified
under the Financial Services sector
program. Participation in the use case is
open to all interested organizations.
DATES: Interested parties must contact
NIST to request a letter of interest.
Letters of interest will be accepted on a
rolling basis. Collaborative activities
will commence as soon as enough
completed and signed letters of interest
have been returned to address all the
necessary components and capabilities,
but no earlier than June 5, 2014. When
the use case has been completed, NIST
will post a notice on the NCCoE
financial services program Web site at
nccoe.nist.gov/financial-services/
announcing the completion of the use
case and informing the public that it
will no longer accept letters of interest
for this use case.
ADDRESSES: The NCCoE is located at
9600 Gudelsky Drive, Rockville, MD
20850. Letters of interest must be
submitted to financial_NCCoE@nist.gov;
or via hardcopy to National Institute of
Standards and Technology, NCCoE;
9600 Gudelsky Drive; Rockville, MD
20850. Organizations whose letters of
interest are accepted in accordance with
the Process set forth in the
SUPPLEMENTARY INFORMATION section of
this notice will be asked to sign a
Cooperative Research and Development
Agreement (CRADA) with NIST. A
CRADA template can be found at:
https://nccoe.nist.gov/The-Center/Get_
Involved/NCCoE_Consortium_CRADA_
Example.pdf.
FOR FURTHER INFORMATION CONTACT:
Mike Stone via email at financial_
NCCoE@nist.gov; or telephone 240–314–
6813; National Institute of Standards
and Technology, NCCoE; 9600 Gudelsky
Drive; Rockville, MD 20850. Additional
details about the NCCoE Financial
Services Sector program are available at
https://nccoe.nist.gov/financial-services.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT assets, the
NCCoE will enhance trust in U.S. IT
PO 00000
Frm 00020
Fmt 4703
Sfmt 4703
25833
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate security
platforms for IT asset management for
the financial services sector. Interested
parties should contact NIST using the
information provided in the FOR
FURTHER INFORMATION CONTACT section of
this notice. NIST will then provide each
interested party with a letter of interest,
which the party must complete, certify
that it is accurate, and submit to NIST.
NIST will contact interested parties if
there are questions regarding the
responsiveness of the letters of interest
to the use case objective or requirements
identified below. NIST will select
participants who have submitted
complete letters of interest on a first
come, first served basis within each
category of product components or
capabilities listed below up to the
number of participants in each category
necessary to carry out this use case.
However, there may be continuing
opportunity to participate even after
initial activity commences. Selected
participants will be required to enter
into a consortium CRADA with NIST.
NIST published a notice in the Federal
Register on October 19, 2012 (77 FR
64314) inviting U.S. companies to enter
into National Cybersecurity Excellence
Partnerships; (NCEPs) in furtherance of
the NCCoE. For this demonstration
project, NCEP partners will not be given
priority for participation.
Use Case Objective: To effectively
manage, utilize and secure an asset, you
first need to know the asset’s location
and function. While many financial
sector companies label physical assets
with bar codes and track them with a
database, this approach does not answer
questions such as, ‘‘What operating
systems are our laptops running?’’ and
‘‘Which devices are vulnerable to the
latest threat?’’ The goal of this project is
to provide answers to questions like
these by tying existing data systems for
physical assets and security and IT
security and support into a
comprehensive IT asset management
(ITAM) system. In addition, financial
services companies can employ this
ITAM system to dynamically apply
business and security rules to better
utilize information assets and protect
enterprise systems and data. In short,
E:\FR\FM\06MYN1.SGM
06MYN1
25834
Federal Register / Vol. 79, No. 87 / Tuesday, May 6, 2014 / Notices
sroberts on DSK5SPTVN1PROD with NOTICES
this ITAM system will give companies
the ability to track, manage and report
on an information asset throughout its
entire life cycle.
Requirements
Each responding organization’s letter
of interest should identify which
security platform components or
capabilities it is offering. Components
are listed in section six of the IT Asset
Management for Financial Services use
case and include, but are not limited to:
1. Physical asset management
systems/databases.
2. Physical security management
systems/databases.
3. Multiple virtual testing networks
and systems simulating receiving,
security, IT support, network security,
development and sales departments.
4. Physical access controls with
standard network interfaces.
Each responding organization’s letter of
interest should identify how their
products address one or more of the
following desired solution
characteristics in section two of the IT
Asset Management for Financial
Services use case:
1. Be capable of interfacing with
multiple existing systems.
2. Complement existing asset
management, security and network
systems.
3. Provide APIs for communicating
with other security devices and systems
such as firewalls and intrusion
detection and identity and access
management (IDAM). systems
4. Know and control which assets,
both virtual and physical, are connected
to the enterprise network.
5. Provide fine-grain asset
accountability supporting the idea of
data as an asset.
6. Automatically detect and alert
when unauthorized devices attempt to
access the network, also known as asset
discovery.
7. Integrate with ways to validate a
trusted network connection.
8. Enable administrators to define and
control the hardware and software that
can be connected to the corporate
environment.
9. Enforce software restriction policies
relating to what software is allowed to
run in the corporate environment.
10. Record and track the prescribed
attributes of assets.
11. Audit and monitor changes in the
asset’s state and connection.
12. Integrate with log analysis tools to
collect and store audited information.
Responding organizations need to
understand and, in their letters of
interest, commit to provide:
1. Access for all participants’ project
teams to component interfaces and the
VerDate Mar<15>2010
17:34 May 05, 2014
Jkt 232001
organization’s experts necessary to make
functional connections among security
platform components.
2. Support for development and
demonstration of the IT Asset
Management for the Financial Services
Sector use case in NCCoE facilities
which will be conducted in a manner
consistent with Federal requirements
(e.g., FIPS 200, FIPS 201, SP 800–53,
and SP 800–63).
Additional details about the IT Asset
Management for the Financial Services
sector Use Case are available at https://
nccoe.nist.gov/financial-services.
NIST cannot guarantee that all of the
products proposed by respondents will
be used in the demonstration. Each
prospective participant will be expected
to work collaboratively with NIST staff
and other project participants under the
terms of the consortium agreement in
the development of the IT Asset
Management for Financial Services
capability. Prospective participants’
contribution to the collaborative effort
will include assistance in establishing
the necessary interface functionality,
connection and set-up capabilities and
procedures, demonstration harnesses,
environmental and safety conditions for
use, integrated platform user
instructions, and demonstration plans
and scripts necessary to demonstrate the
desired capabilities. Each prospective
participant will train NIST personnel as
necessary, to operate its product in
capability demonstrations to the
healthcare community. Following
successful demonstrations, NIST will
publish a description of the security
platform and its performance
characteristics sufficient to permit other
organizations to develop and deploy
security platforms that meet the security
objectives of the IT Asset Management
for Financial Services Use Case. These
descriptions will be public information.
Under the terms of the consortium
agreement, NIST will support
development of interfaces among
participants’ products, including IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities.
The dates of the demonstration of the
IT Asset Management for Financial
Services capability will be announced
on the NCCoE Web site at least two
weeks in advance at https://
nccoe.nist.gov/. The expected outcome
of the demonstration is to improve IT
asset management across an entire
financial services enterprise.
Participating organizations will gain
PO 00000
Frm 00021
Fmt 4703
Sfmt 4703
from the knowledge that their products
are interoperable with other
participants’ offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE Web site https://
nccoe.nist.gov/.
Dated: May 1, 2014.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2014–10349 Filed 5–5–14; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
RIN 0648–XD279
North Pacific Fishery Management
Council; Public Meeting
National Marine Fisheries
Service (NMFS), National Oceanic and
Atmospheric Administration (NOAA),
Commerce.
ACTION: Notice of a public meeting.
AGENCY:
The North Pacific Fishery
Management Council (Council) and
Alaska Board of Fisheries (AK BOF)
Joint Protocol Committee will meet in
Anchorage, AK.
DATES: The meeting will be held on May
21, 2014, from 10 a.m. to 5 p.m.
ADDRESSES: The meeting will be held at
the Clarion Suites, 1110 8th Avenue,
Heritage Room, Anchorage, AK.
Council address: North Pacific
Fishery Management Council, 605 W.
4th Ave., Suite 306, Anchorage, AK
99501–2252.
FOR FURTHER INFORMATION CONTACT: AK
BOF Staff; telephone: (907) 465–4110 or
Council staff: (907) 271–2809.
SUPPLEMENTARY INFORMATION: The
Committee will review the following:
Update on Council action on Gulf of
Alaska trawl bycatch management;
Board of Fisheries Pollock Workgroup;
Bering Sea Aleutian Island (BSAI)
Pacific cod Total Allowable Catch split
and state-water Guideline Harvest
Levels fisheries; BSAI crab actions;
Board actions in March; Council crab
bycatch motion; Proposed Change to
Groundfish Possession and Landing
Requirements.
The Agenda is subject to change, and
the latest version will be posted at
https://www.npfmc.org/.
Although non-emergency issues not
contained in this agenda may come
before this group for discussion, those
issues may not be the subject of formal
action during this meeting. Action will
SUMMARY:
E:\FR\FM\06MYN1.SGM
06MYN1
]]>Agencies
[Federal Register Volume 79, Number 87 (Tuesday, May 6, 2014)]
[Notices]
[Pages 25833-25834]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-10349]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 140321260-4260-01]
National Cybersecurity Center of Excellence (NCCoE) and Financial
Services Sector IT Asset Management Use Case
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for IT asset management for
the financial services sector. This notice is the initial step for the
National Cybersecurity Center of Excellence (NCCoE) in collaborating
with technology companies to address cybersecurity challenges
identified under the Financial Services sector program. Participation
in the use case is open to all interested organizations.
DATES: Interested parties must contact NIST to request a letter of
interest. Letters of interest will be accepted on a rolling basis.
Collaborative activities will commence as soon as enough completed and
signed letters of interest have been returned to address all the
necessary components and capabilities, but no earlier than June 5,
2014. When the use case has been completed, NIST will post a notice on
the NCCoE financial services program Web site at nccoe.nist.gov/financial-services/announcing the completion of the use case and
informing the public that it will no longer accept letters of interest
for this use case.
ADDRESSES: The NCCoE is located at 9600 Gudelsky Drive, Rockville, MD
20850. Letters of interest must be submitted to financial_NCCoE@nist.gov; or via hardcopy to National Institute of Standards and
Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850.
Organizations whose letters of interest are accepted in accordance with
the Process set forth in the SUPPLEMENTARY INFORMATION section of this
notice will be asked to sign a Cooperative Research and Development
Agreement (CRADA) with NIST. A CRADA template can be found at: https://nccoe.nist.gov/The-Center/Get_Involved/NCCoE_Consortium_CRADA_Example.pdf.
FOR FURTHER INFORMATION CONTACT: Mike Stone via email at financial_NCCoE@nist.gov; or telephone 240-314-6813; National Institute of
Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD
20850. Additional details about the NCCoE Financial Services Sector
program are available at https://nccoe.nist.gov/financial-services.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) systems. By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for IT asset
management for the financial services sector. Interested parties should
contact NIST using the information provided in the FOR FURTHER
INFORMATION CONTACT section of this notice. NIST will then provide each
interested party with a letter of interest, which the party must
complete, certify that it is accurate, and submit to NIST. NIST will
contact interested parties if there are questions regarding the
responsiveness of the letters of interest to the use case objective or
requirements identified below. NIST will select participants who have
submitted complete letters of interest on a first come, first served
basis within each category of product components or capabilities listed
below up to the number of participants in each category necessary to
carry out this use case. However, there may be continuing opportunity
to participate even after initial activity commences. Selected
participants will be required to enter into a consortium CRADA with
NIST. NIST published a notice in the Federal Register on October 19,
2012 (77 FR 64314) inviting U.S. companies to enter into National
Cybersecurity Excellence Partnerships; (NCEPs) in furtherance of the
NCCoE. For this demonstration project, NCEP partners will not be given
priority for participation.
Use Case Objective: To effectively manage, utilize and secure an
asset, you first need to know the asset's location and function. While
many financial sector companies label physical assets with bar codes
and track them with a database, this approach does not answer questions
such as, ``What operating systems are our laptops running?'' and
``Which devices are vulnerable to the latest threat?'' The goal of this
project is to provide answers to questions like these by tying existing
data systems for physical assets and security and IT security and
support into a comprehensive IT asset management (ITAM) system. In
addition, financial services companies can employ this ITAM system to
dynamically apply business and security rules to better utilize
information assets and protect enterprise systems and data. In short,
[[Page 25834]]
this ITAM system will give companies the ability to track, manage and
report on an information asset throughout its entire life cycle.
Requirements
Each responding organization's letter of interest should identify
which security platform components or capabilities it is offering.
Components are listed in section six of the IT Asset Management for
Financial Services use case and include, but are not limited to:
1. Physical asset management systems/databases.
2. Physical security management systems/databases.
3. Multiple virtual testing networks and systems simulating
receiving, security, IT support, network security, development and
sales departments.
4. Physical access controls with standard network interfaces.
Each responding organization's letter of interest should identify how
their products address one or more of the following desired solution
characteristics in section two of the IT Asset Management for Financial
Services use case:
1. Be capable of interfacing with multiple existing systems.
2. Complement existing asset management, security and network
systems.
3. Provide APIs for communicating with other security devices and
systems such as firewalls and intrusion detection and identity and
access management (IDAM). systems
4. Know and control which assets, both virtual and physical, are
connected to the enterprise network.
5. Provide fine-grain asset accountability supporting the idea of
data as an asset.
6. Automatically detect and alert when unauthorized devices attempt
to access the network, also known as asset discovery.
7. Integrate with ways to validate a trusted network connection.
8. Enable administrators to define and control the hardware and
software that can be connected to the corporate environment.
9. Enforce software restriction policies relating to what software
is allowed to run in the corporate environment.
10. Record and track the prescribed attributes of assets.
11. Audit and monitor changes in the asset's state and connection.
12. Integrate with log analysis tools to collect and store audited
information.
Responding organizations need to understand and, in their letters of
interest, commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components.
2. Support for development and demonstration of the IT Asset
Management for the Financial Services Sector use case in NCCoE
facilities which will be conducted in a manner consistent with Federal
requirements (e.g., FIPS 200, FIPS 201, SP 800-53, and SP 800-63).
Additional details about the IT Asset Management for the Financial
Services sector Use Case are available at https://nccoe.nist.gov/financial-services.
NIST cannot guarantee that all of the products proposed by
respondents will be used in the demonstration. Each prospective
participant will be expected to work collaboratively with NIST staff
and other project participants under the terms of the consortium
agreement in the development of the IT Asset Management for Financial
Services capability. Prospective participants' contribution to the
collaborative effort will include assistance in establishing the
necessary interface functionality, connection and set-up capabilities
and procedures, demonstration harnesses, environmental and safety
conditions for use, integrated platform user instructions, and
demonstration plans and scripts necessary to demonstrate the desired
capabilities. Each prospective participant will train NIST personnel as
necessary, to operate its product in capability demonstrations to the
healthcare community. Following successful demonstrations, NIST will
publish a description of the security platform and its performance
characteristics sufficient to permit other organizations to develop and
deploy security platforms that meet the security objectives of the IT
Asset Management for Financial Services Use Case. These descriptions
will be public information.
Under the terms of the consortium agreement, NIST will support
development of interfaces among participants' products, including IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of the IT Asset Management for
Financial Services capability will be announced on the NCCoE Web site
at least two weeks in advance at https://nccoe.nist.gov/. The expected
outcome of the demonstration is to improve IT asset management across
an entire financial services enterprise. Participating organizations
will gain from the knowledge that their products are interoperable with
other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE Web site
https://nccoe.nist.gov/.
Dated: May 1, 2014.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2014-10349 Filed 5-5-14; 8:45 am]
BILLING CODE 3510-13-P
