National Cybersecurity Center of Excellence (NCCoE) Situational Awareness Use Case for the Energy Sector, 5512-5514 [2015-01844]
Download as PDF
mstockstill on DSK4VPTVN1PROD with NOTICES
5512
Federal Register / Vol. 80, No. 21 / Monday, February 2, 2015 / Notices
The Council is intended to facilitate
the exchange of information and
encourage bilateral discussions of
business and economic issues,
including promoting bilateral trade and
investment and improving the business
climate in each country. The Council
brings together the respective business
communities of the United States and
Turkey to discuss such issues of mutual
interest and to communicate their joint
recommendations to the U.S. and
Turkish Governments. The Council
consists of the U.S. and Turkish cochairs and a Committee comprised of
private sector members. The Committee
is composed of two Sections of private
sector members, a U.S. Section and a
Turkish Section, each consisting of
approximately ten to twelve members,
representing the views and interests of
their respective private sector business
communities. Each government will
appoint the members to its respective
Section. The Committee will provide
joint recommendations to the two
governments that reflect private sector
views, needs, and concerns regarding
creation of an environment in which the
private sectors of both countries can
partner, thrive, and enhance bilateral
commercial ties that could form the
basis for expanded trade and investment
between the United States and Turkey.
The Department of Commerce is
currently seeking applicants for
membership on the U.S. Section of the
Committee. Each applicant must be a
senior-level executive of a U.S.-owned
or controlled company that is
incorporated in and has its main
headquarters located in the United
States and that is currently doing
business in Turkey. Each applicant also
must be a U.S. citizen, or otherwise
legally authorized to work in the United
States, and be able to travel to Turkey
and locations in the United States to
attend official Council meetings, as well
as U.S. Section and Committee
meetings. In addition, the applicant may
not be a registered foreign agent under
the Foreign Agents Registration Act of
1938, as amended. Applicants may not
be federally-registered lobbyists, and, if
appointed, will not be allowed to
continue to serve as members of the U.S.
Section of the Committee if the member
becomes a federally-registered lobbyist.
Evaluation of applications for
membership in the U.S. Section by
eligible individuals will be based on the
following criteria:
—A demonstrated commitment by the
applicant’s company to the Turkish
market either through exports or
investment.
VerDate Sep<11>2014
19:24 Jan 30, 2015
Jkt 235001
—A demonstrated strong interest by the
applicant’s company in Turkey and
its economic development.
—The ability by the applicant to offer a
broad perspective on the business
environment in Turkey, including
cross-cutting issues that affect the
entire business community.
—The ability by the applicant to initiate
and be responsible for activities in
which the Council will be active.
Members will be selected on the basis
of who will best carry out the objectives
of the Council as stated in the Terms of
Reference establishing the U.S.-Turkey
Business Council. In selecting members
of the U.S. Section, the Department of
Commerce will also seek to ensure that
the Section represents a diversity of
business sectors and geographical
locations, as well as a cross-section of
small, medium, and large-sized firms.
U.S. members will receive no
compensation for their participation in
Council-related activities. They shall
not be considered as special government
employees. Individual private sector
members will be responsible for all
travel and related expenses associated
with their participation in the Council,
including attendance at Committee and
Section meetings. Only appointed
members may participate in official
Council meetings; substitutes and
alternates may not be designated.
Members will normally serve for twoyear terms, but may be reappointed.
To apply for membership, please
submit the following information as
instructed in the ADDRESSES and DATES
captions above:
1. Name(s) and title(s) of the
applicant(s);
2. Name and address of the
headquarters of the applicant’s
company;
3. Location of incorporation of the
applicant’s company;
4. Percentage share of U.S. citizen
ownership in the company;
5. Size of the company in terms of
number of employees;
6. Dollar amount of the company’s
export trade to Turkey;
7. Dollar amount of the company’s
investments in Turkey;
8. Nature of the company’s
investments, operations or interest in
Turkey;
9. An affirmative statement that the
applicant is a U.S. citizen or otherwise
legally authorized to work in the United
States;
10. An affirmative statement that the
applicant is neither registered nor
required to register as a foreign agent
under the Foreign Agents Registration
Act of 1938, as amended;
PO 00000
Frm 00011
Fmt 4703
Sfmt 4703
11. An affirmative statement that the
applicant is not a federally-registered
lobbyist, and that the applicant
understands that if appointed, the
applicant will not be allowed to
continue to serve as a member of the
U.S. Section of the Council if the
applicant becomes a federally registered
lobbyist;
12. An affirmative statement that the
applicant meets all other eligibility
requirements;
13. A brief statement of why the
applicant should be considered;
14. A brief statement of how the
applicant meets the four listed criteria,
including information about the
candidate’s ability to initiate and be
responsible for activities in which the
Council will be active.
Applications will be considered as
they are received. All candidates will be
notified of whether they have been
selected.
Dated: January 28, 2015.
Jay A. Burgess,
Director of the Office of European Country
Affairs (OECA).
[FR Doc. 2015–01936 Filed 1–30–15; 8:45 am]
BILLING CODE 3510–DA–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 141231999–4999–01]
National Cybersecurity Center of
Excellence (NCCoE) Situational
Awareness Use Case for the Energy
Sector
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
AGENCY:
The National Institute of
Standards and Technology (NIST)
invites organizations to provide
products and technical expertise to
support and demonstrate security
platforms for situational awareness for
the energy sector. This notice is the
initial step for the National
Cybersecurity Center of Excellence
(NCCoE) in collaborating with
technology companies to address
cybersecurity challenges identified
under the Energy sector program.
Participation in the use case is open to
all interested organizations.
DATES: Interested parties must contact
NIST to request a letter of interest.
Letters of interest will be accepted on a
rolling basis. Collaborative activities
will commence as soon as enough
SUMMARY:
E:\FR\FM\02FEN1.SGM
02FEN1
mstockstill on DSK4VPTVN1PROD with NOTICES
Federal Register / Vol. 80, No. 21 / Monday, February 2, 2015 / Notices
completed and signed letters of interest
have been returned to address all the
necessary components and capabilities,
but no earlier than March 4, 2015. When
the use case has been completed, NIST
will post a notice on the NCCoE energy
sector program Web site at https://nccoe.
nist.gov/energy announcing the
completion of the use case and
informing the public that it will no
longer accept letters of interest for this
use case.
ADDRESSES: The NCCoE is located at
9600 Gudelsky Drive, Rockville, MD
20850. Letters of interest must be
submitted to Energy_NCCoE@nist.gov or
via hardcopy to National Institute of
Standards and Technology, NCCoE;
9600 Gudelsky Drive; Rockville, MD
20850. Organizations whose letters of
interest are accepted in accordance with
the Process set forth in the
SUPPLEMENTARY INFORMATION section of
this notice will be asked to sign a
Cooperative Research and Development
Agreement (CRADA) with NIST. A
CRADA template can be found at:
https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT: Jim
McCarthy via email at Energy_NCCoE@
nist.gov; or telephone 240–314–6816;
National Institute of Standards and
Technology, NCCoE; 9600 Gudelsky
Drive; Rockville, MD 20850. Additional
details about the Energy Sector program
are available at https://nccoe.nist.gov/
energy.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST,
is a public-private collaboration for
accelerating the widespread adoption of
integrated cybersecurity tools and
technologies. The NCCoE brings
together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT assets, the
NCCoE will enhance trust in U.S. IT
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate security
platforms for the Situational Awareness
use case for the Energy Sector. The full
VerDate Sep<11>2014
19:24 Jan 30, 2015
Jkt 235001
use case can be viewed at: https://nccoe.
nist.gov/sites/default/files/nccoe/
NCCoE_ES_Situational_Awareness.pdf
Interested parties should contact NIST
using the information provided in the
FOR FURTHER INFORMATION CONTACT
section of this notice. NIST will then
provide each interested party with a
letter of interest, which the party must
complete, certify that it is accurate, and
submit to NIST. NIST will contact
interested parties if there are questions
regarding the responsiveness of the
letters of interest to the use case
objective or requirements identified
below. NIST will select participants
who have submitted complete letters of
interest on a first come, first served
basis within each category of product
components or capabilities listed below
up to the number of participants in each
category necessary to carry out this use
case. However, there may be continuing
opportunity to participate even after
initial activity commences. Selected
participants will be required to enter
into a consortium CRADA with NIST.
NIST published a notice in the Federal
Register on October 19, 2012 (77 FR
64314) inviting U.S. companies to enter
into National Cybersecurity Excellence
Partnerships; (NCEPs) in furtherance of
the NCCoE. For this demonstration
project, NCEP partners will not be given
priority for participation.
Use Case Objective: To improve the
security of operational technology,
energy companies need mechanisms to
capture, transmit, analyze and store
real-time or near-real-time data from
industrial control systems (ICS) and
related networking equipment. With
such mechanisms in place, energy
sector providers, owners and operators
can more readily detect anomalous
conditions, take appropriate actions to
remediate them, investigate the chain of
events that led to the anomalies and
share findings with other energy
companies. Obtaining real-time and
near-real-time data from networks also
has the benefit of helping to
demonstrate compliance with
information security standards.
Requirements: Each responding
organization’s letter of interest should
identify which security platform
components or capabilities it is offering.
Components are listed in section five
(for reference, please see link in
PROCESS section above) of the
Situational Awareness for the Energy
Sector use case and include, but are not
limited to:
1. Security incident and event
management (SIEM) or log analysis
software
2. ICS equipment, such as remote
terminal units (RTUs), programmable
PO 00000
Frm 00012
Fmt 4703
Sfmt 4703
5513
logic controllers (PLCs), and relays,
along with associated software and
communications equipment (e.g.,
radios, encryptors)
3. ‘‘Bump-in-the-wire’’ devices for
augmenting operational technology (OT)
with encrypted communication and
logging capabilities
4. Software for collecting, analyzing,
visualizing and storing operational
control data (e.g., historians, outage
management systems, distribution
management systems, human-machine
interfaces)
5. Products that ensure the integrity
and accuracy of data collected from
remote facilities
Each responding organization’s letter
of interest should identify how their
products address one or more of the
following desired solution
characteristics in section two (for
reference, please see link in PROCESS
section above) of the Situational
Awareness for the Energy Sector use
case:
1. Data visualization and analysis
capabilities that help dispatchers and
security analysts view control system
behavior, network security events, and
physical security events as a cohesive
whole
2. Analysis and correlation
capabilities that help dispatchers and
security analysts understand and
identify security events and predict how
those events might affect control system
operation
3. Scalability sufficient to meet the
needs of a large metropolitan utility
4. Mechanisms that ensure the
accuracy and integrity of data collected
from remote facilities
5. Ability to collect logs, traffic, and
operational data from a variety of
sources, including servers, ICS
equipment, networking equipment,
security appliances, issue tracking
systems, and mobile devices
6. Ability to allow dispatchers and
security analysts to easily automate
common, repetitive investigative tasks
7. Built-in information sharing
capabilities that allow dispatchers and
security analysts to easily share and
acquire new threat indicators,
correlation rules, mitigations, and
investigative techniques
8. Customizable interfaces that allow
users to tailor the system to meet
specific business needs
9. Automated report generation to aid
utilities in demonstrating compliance
with relevant standards
10. Intuitive user interfaces that are
appropriate for utility dispatchers with
limited network security expertise or
security analysts with limited expertise
in electric power
E:\FR\FM\02FEN1.SGM
02FEN1
mstockstill on DSK4VPTVN1PROD with NOTICES
5514
Federal Register / Vol. 80, No. 21 / Monday, February 2, 2015 / Notices
Responding organizations need to
understand and, in their letters of
interest, commit to provide:
1. Access for all participants’ project
teams to component interfaces and the
organization’s experts necessary to make
functional connections among security
platform components
2. Support for development and
demonstration of the Situational
Awareness use case for the Energy
Sector in NCCoE facilities which will be
conducted in a manner consistent with
Federal requirements (e.g., FIPS 200,
FIPS 201, SP 800–53, and SP 800–63)
Additional details about the Situational
Awareness for the Energy sector use
case are available at: https://nccoe.nist.
gov/sites/default/files/nccoe/NCCoE_
ES_Situational_Awareness.pdf. NIST
cannot guarantee that all of the products
proposed by respondents will be used in
the demonstration. Each prospective
participant will be expected to work
collaboratively with NIST staff and
other project participants under the
terms of the consortium agreement in
the development of the Situational
Awareness for the Energy sector
capability. Prospective participants’
contribution to the collaborative effort
will include assistance in establishing
the necessary interface functionality,
connection and set-up capabilities and
procedures, demonstration harnesses,
environmental and safety conditions for
use, integrated platform user
instructions, and demonstration plans
and scripts necessary to demonstrate the
desired capabilities. Each prospective
participant will train NIST personnel as
necessary, to operate its product in
capability demonstrations to the energy
community. Following successful
demonstrations, NIST will publish a
description of the security platform and
its performance characteristics sufficient
to permit other organizations to develop
and deploy security platforms that meet
the security objectives of the Situational
Awareness for the Energy sector use
case. These descriptions will be public
information.
Under the terms of the consortium
agreement, NIST will support
development of interfaces among
participants’ products by providing IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities. The dates of the
demonstration of the Situational
Awareness for the Energy sector
capability will be announced on the
NCCoE Web site at least two weeks in
advance at https://nccoe.nist.gov/. The
expected outcome of the demonstration
VerDate Sep<11>2014
19:24 Jan 30, 2015
Jkt 235001
is to improve situational awareness
across an entire energy sector enterprise.
Participating organizations will gain
from the knowledge that their products
are interoperable with other
participants’ offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE Web site https://
nccoe.nist.gov/.
Kevin A. Kimball,
NIST Chief of Staff.
[FR Doc. 2015–01844 Filed 1–30–15; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
Proposed Information Collection;
Comment Request; Permitting, Vessel
Identification, and Vessel Monitoring
System Requirements for the
Commercial Bottomfish Fishery in the
Commonwealth of the Northern
Mariana Islands
National Oceanic and
Atmospheric Administration (NOAA),
Commerce.
ACTION: Notice.
AGENCY:
The Department of
Commerce, as part of its continuing
effort to reduce paperwork and
respondent burden, invites the general
public and other Federal agencies to
take this opportunity to comment on
proposed and/or continuing information
collections, as required by the
Paperwork Reduction Act of 1995.
DATES: Written comments must be
submitted on or before April 3, 2015.
ADDRESSES: Direct all written comments
to Jennifer Jessup, Departmental
Paperwork Clearance Officer,
Department of Commerce, Room 6616,
14th and Constitution Avenue NW.,
Washington, DC 20230 (or via the
Internet at JJessup@doc.gov).
FOR FURTHER INFORMATION CONTACT:
Requests for additional information or
copies of the information collection
instrument and instructions should be
directed to Walter Ikehara, (808) 725–
5175 or Walter.Ikehara@noaa.gov.
SUPPLEMENTARY INFORMATION:
SUMMARY:
I. Abstract
This request is for extension of a
currently approved information
collection. As part of a fishery
ecosystem plan, developed by the
Western Pacific Fishery Management
Council under the authorization of the
PO 00000
Frm 00013
Fmt 4703
Sfmt 4703
Magnuson-Stevens Fishery
Conservation and Management Act,
NMFS requires that owners of
commercial fishing vessels in the
bottomfish fishery in the
Commonwealth of the Northern Mariana
Islands (CNMI) obtain a federal
bottomfish permit. If their vessels are
over 40 ft. (12.2 m) long, they must also
mark their vessels in compliance with
federal identification requirements and
carry and maintain a satellite-based
vessel monitoring system (VMS). These
requirements are set out in 50 CFR Part
665, subpart D. This collection of
information is needed for permit
issuance, to identify actual or potential
participants in the fishery, and aid in
enforcement of regulations and area
closures.
II. Method of Collection
Respondents have a choice of either
electronic or paper forms. Methods of
submittal include email of electronic
forms, and mail and facsimile
transmission of paper forms. VMS data
are collected electronically and
automatically.
III. Data
OMB Control Number: 0648–0584.
Form Number(s): None.
Type of Review: Regular (extension of
a currently approved information
collection).
Affected Public: Not-for profit
institutions; state, local or tribal
governments; business or other forprofit organizations.
Estimated Number of Respondents: 50
total; including 6 medium-large vessels
(over 40 ft.).
Estimated Time per Response: Permit
applications and renewals, 30 minutes;
vessel identification, 45 minutes; initial
VMS installation and annual
maintenance, 24 hours; VMS
maintenance, 12 hours annually.
Estimated Total Annual Burden
Hours: 174.
Estimated Total Annual Cost to
Public: $2,760 in recordkeeping and
reporting costs and permit fees.
IV. Request for Comments
Comments are invited on: (a) Whether
the proposed collection of information
is necessary for the proper performance
of the functions of the agency, including
whether the information shall have
practical utility; (b) the accuracy of the
agency’s estimate of the burden
(including hours and cost) of the
proposed collection of information; (c)
ways to enhance the quality, utility, and
clarity of the information to be
collected; and (d) ways to minimize the
burden of the collection of information
E:\FR\FM\02FEN1.SGM
02FEN1
Agencies
[Federal Register Volume 80, Number 21 (Monday, February 2, 2015)]
[Notices]
[Pages 5512-5514]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2015-01844]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 141231999-4999-01]
National Cybersecurity Center of Excellence (NCCoE) Situational
Awareness Use Case for the Energy Sector
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for situational awareness
for the energy sector. This notice is the initial step for the National
Cybersecurity Center of Excellence (NCCoE) in collaborating with
technology companies to address cybersecurity challenges identified
under the Energy sector program. Participation in the use case is open
to all interested organizations.
DATES: Interested parties must contact NIST to request a letter of
interest. Letters of interest will be accepted on a rolling basis.
Collaborative activities will commence as soon as enough
[[Page 5513]]
completed and signed letters of interest have been returned to address
all the necessary components and capabilities, but no earlier than
March 4, 2015. When the use case has been completed, NIST will post a
notice on the NCCoE energy sector program Web site at https://nccoe.nist.gov/energy announcing the completion of the use case and
informing the public that it will no longer accept letters of interest
for this use case.
ADDRESSES: The NCCoE is located at 9600 Gudelsky Drive, Rockville, MD
20850. Letters of interest must be submitted to Energy_NCCoE@nist.gov
or via hardcopy to National Institute of Standards and Technology,
NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850. Organizations whose
letters of interest are accepted in accordance with the Process set
forth in the SUPPLEMENTARY INFORMATION section of this notice will be
asked to sign a Cooperative Research and Development Agreement (CRADA)
with NIST. A CRADA template can be found at: https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT: Jim McCarthy via email at
Energy_NCCoE@nist.gov; or telephone 240-314-6816; National Institute of
Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD
20850. Additional details about the Energy Sector program are available
at https://nccoe.nist.gov/energy.
SUPPLEMENTARY INFORMATION: Background: The NCCoE, part of NIST, is a
public-private collaboration for accelerating the widespread adoption
of integrated cybersecurity tools and technologies. The NCCoE brings
together experts from industry, government, and academia under one roof
to develop practical, interoperable cybersecurity approaches that
address the real-world needs of complex Information Technology (IT)
systems. By accelerating dissemination and use of these integrated
tools and technologies for protecting IT assets, the NCCoE will enhance
trust in U.S. IT communications, data, and storage systems; reduce risk
for companies and individuals using IT systems; and encourage
development of innovative, job-creating cybersecurity products and
services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for the
Situational Awareness use case for the Energy Sector. The full use case
can be viewed at: https://nccoe.nist.gov/sites/default/files/nccoe/NCCoE_ES_Situational_Awareness.pdf Interested parties should contact
NIST using the information provided in the FOR FURTHER INFORMATION
CONTACT section of this notice. NIST will then provide each interested
party with a letter of interest, which the party must complete, certify
that it is accurate, and submit to NIST. NIST will contact interested
parties if there are questions regarding the responsiveness of the
letters of interest to the use case objective or requirements
identified below. NIST will select participants who have submitted
complete letters of interest on a first come, first served basis within
each category of product components or capabilities listed below up to
the number of participants in each category necessary to carry out this
use case. However, there may be continuing opportunity to participate
even after initial activity commences. Selected participants will be
required to enter into a consortium CRADA with NIST. NIST published a
notice in the Federal Register on October 19, 2012 (77 FR 64314)
inviting U.S. companies to enter into National Cybersecurity Excellence
Partnerships; (NCEPs) in furtherance of the NCCoE. For this
demonstration project, NCEP partners will not be given priority for
participation.
Use Case Objective: To improve the security of operational
technology, energy companies need mechanisms to capture, transmit,
analyze and store real-time or near-real-time data from industrial
control systems (ICS) and related networking equipment. With such
mechanisms in place, energy sector providers, owners and operators can
more readily detect anomalous conditions, take appropriate actions to
remediate them, investigate the chain of events that led to the
anomalies and share findings with other energy companies. Obtaining
real-time and near-real-time data from networks also has the benefit of
helping to demonstrate compliance with information security standards.
Requirements: Each responding organization's letter of interest
should identify which security platform components or capabilities it
is offering. Components are listed in section five (for reference,
please see link in PROCESS section above) of the Situational Awareness
for the Energy Sector use case and include, but are not limited to:
1. Security incident and event management (SIEM) or log analysis
software
2. ICS equipment, such as remote terminal units (RTUs),
programmable logic controllers (PLCs), and relays, along with
associated software and communications equipment (e.g., radios,
encryptors)
3. ``Bump-in-the-wire'' devices for augmenting operational
technology (OT) with encrypted communication and logging capabilities
4. Software for collecting, analyzing, visualizing and storing
operational control data (e.g., historians, outage management systems,
distribution management systems, human-machine interfaces)
5. Products that ensure the integrity and accuracy of data
collected from remote facilities
Each responding organization's letter of interest should identify
how their products address one or more of the following desired
solution characteristics in section two (for reference, please see link
in PROCESS section above) of the Situational Awareness for the Energy
Sector use case:
1. Data visualization and analysis capabilities that help
dispatchers and security analysts view control system behavior, network
security events, and physical security events as a cohesive whole
2. Analysis and correlation capabilities that help dispatchers and
security analysts understand and identify security events and predict
how those events might affect control system operation
3. Scalability sufficient to meet the needs of a large metropolitan
utility
4. Mechanisms that ensure the accuracy and integrity of data
collected from remote facilities
5. Ability to collect logs, traffic, and operational data from a
variety of sources, including servers, ICS equipment, networking
equipment, security appliances, issue tracking systems, and mobile
devices
6. Ability to allow dispatchers and security analysts to easily
automate common, repetitive investigative tasks
7. Built-in information sharing capabilities that allow dispatchers
and security analysts to easily share and acquire new threat
indicators, correlation rules, mitigations, and investigative
techniques
8. Customizable interfaces that allow users to tailor the system to
meet specific business needs
9. Automated report generation to aid utilities in demonstrating
compliance with relevant standards
10. Intuitive user interfaces that are appropriate for utility
dispatchers with limited network security expertise or security
analysts with limited expertise in electric power
[[Page 5514]]
Responding organizations need to understand and, in their letters
of interest, commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components
2. Support for development and demonstration of the Situational
Awareness use case for the Energy Sector in NCCoE facilities which will
be conducted in a manner consistent with Federal requirements (e.g.,
FIPS 200, FIPS 201, SP 800-53, and SP 800-63)
Additional details about the Situational Awareness for the Energy
sector use case are available at: https://nccoe.nist.gov/sites/default/files/nccoe/NCCoE_ES_Situational_Awareness.pdf. NIST cannot guarantee
that all of the products proposed by respondents will be used in the
demonstration. Each prospective participant will be expected to work
collaboratively with NIST staff and other project participants under
the terms of the consortium agreement in the development of the
Situational Awareness for the Energy sector capability. Prospective
participants' contribution to the collaborative effort will include
assistance in establishing the necessary interface functionality,
connection and set-up capabilities and procedures, demonstration
harnesses, environmental and safety conditions for use, integrated
platform user instructions, and demonstration plans and scripts
necessary to demonstrate the desired capabilities. Each prospective
participant will train NIST personnel as necessary, to operate its
product in capability demonstrations to the energy community. Following
successful demonstrations, NIST will publish a description of the
security platform and its performance characteristics sufficient to
permit other organizations to develop and deploy security platforms
that meet the security objectives of the Situational Awareness for the
Energy sector use case. These descriptions will be public information.
Under the terms of the consortium agreement, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities. The dates of the
demonstration of the Situational Awareness for the Energy sector
capability will be announced on the NCCoE Web site at least two weeks
in advance at https://nccoe.nist.gov/. The expected outcome of the
demonstration is to improve situational awareness across an entire
energy sector enterprise. Participating organizations will gain from
the knowledge that their products are interoperable with other
participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE Web site
https://nccoe.nist.gov/.
Kevin A. Kimball,
NIST Chief of Staff.
[FR Doc. 2015-01844 Filed 1-30-15; 8:45 am]
BILLING CODE 3510-13-P