National Cybersecurity Center of Excellence Access Rights Management Use Case for the Financial Services Sector, 18198-18200 [2015-07590]
Download as PDF
<![CDATA[
18198
Federal Register / Vol. 80, No. 64 / Friday, April 3, 2015 / Notices
and state export assistance programs;
invoicing (billing) foreign buyers;
collecting (letters of credit and other
financial instruments) payment for
Products; and arranging for payment of
applicable commissions and fees.
Export Markets
The Export Markets include all parts
of the world except the United States
(the fifty states of the United States, the
District of Columbia, the
Commonwealth of Puerto Rico, the
Virgin Islands, American Samoa, Guam,
the Commonwealth of the Northern
Mariana Islands, and the Trust Territory
of the Pacific Islands).
Export Trade Activities and Methods of
Operations
To engage in Export Trade in the
Export Markets, WJIR may provide and/
or arrange for the provision of Export
Trade Facilitation Services.
Definition
‘‘Supplier’’ means a person who
produces, provides, or sells Products,
Services, and/or Technology Rights.
Dated: March 31, 2015.
Joseph Flynn,
Director, Office of Trade and Economic
Analysis, International Trade Administration.
[FR Doc. 2015–07717 Filed 4–2–15; 8:45 am]
BILLING CODE 3510–DR–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
asabaliauskas on DSK5VPTVN1PROD with NOTICES
Submission for OMB Review;
Comment Request
The Department of Commerce will
submit to the Office of Management and
Budget (OMB) for clearance the
following proposal for collection of
information under the provisions of the
Paperwork Reduction Act (44 U.S.C.
Chapter 35).
Agency: National Oceanic and
Atmospheric Administration (NOAA).
Title: Alaska Commercial Operator’s
Annual Report (COAR).
OMB Control Number: 0648–0428.
Form Number(s): None.
Type of Request: Regular (extension of
a currently approved information
collection).
Number of Respondents: 179.
Average Hours per Response: 8 hours.
Burden Hours: 1,432.
Needs and Uses: This request is for
extension of a currently approved
information collection.
The Alaska Commercial Operator’s
Annual Report (COAR) is a report that
VerDate Sep<11>2014
17:49 Apr 02, 2015
Jkt 235001
collects harvest and production
information broken out by specific
criteria such as gear type, area, delivery
and product type, and pounds and
value. The COAR is due by April 1 of
the year following any buying or
processing activity.
Any person or company who received
a Fisheries Business License from the
Alaska Department of Revenue and an
Intent to Operate Permit by Alaska
Department of Fish and Game (ADF&G)
is required to annually submit the
COAR to the State of Alaska, Alaska
Department of Fish and Game (ADF&G),
under Alaska Administrative Code
(AAC), chapter 5 AAC 39.130. In
addition, any person or company who
receives an Exclusive Economic Zone
(EEZ)-only permit from ADF&G
annually must submit a COAR to
ADF&G. Any owner of a catcher/
processor or mothership with a Federal
permit operating in the EEZ off Alaska
is required to annually submit a COAR
to ADF&G under 50 CFR part 679.5(p).
The COAR provides information on
ex-vessel and first wholesale values for
statewide fish and shellfish products.
Containing information from shoreside
processors, stationary floating
processors, motherships, and catcher/
processors, this data collection yields
equivalent annual product value
information for all respective processing
sectors and provides a consistent time
series according to which groundfish
resources may be managed more
efficiently.
Affected Public: Business or other forprofit organizations.
Frequency: Annually.
Respondent’s Obligation: Mandatory.
This information collection request
may be viewed at reginfo.gov. Follow
the instructions to view Department of
Commerce collections currently under
review by OMB.
Written comments and
recommendations for the proposed
information collection should be sent
within 30 days of publication of this
notice to OIRA_Submission@
omb.eop.gov or fax to (202) 395–5806.
Dated: March 30, 2015.
Sarah Brabson,
NOAA PRA Clearance Officer.
[FR Doc. 2015–07585 Filed 4–2–15; 8:45 am]
BILLING CODE 3510–22–P
PO 00000
Frm 00011
Fmt 4703
Sfmt 4703
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 150318278–5278–01]
National Cybersecurity Center of
Excellence Access Rights
Management Use Case for the
Financial Services Sector
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
AGENCY:
The National Institute of
Standards and Technology (NIST)
invites organizations to provide
products and technical expertise to
support and demonstrate security
platforms for access rights management
for the financial services sector. This
notice is the initial step for the National
Cybersecurity Center of Excellence
(NCCoE) in collaborating with
technology companies to address
cybersecurity challenges identified
under the financial services sector
program. Participation in the use case is
open to all interested organizations.
DATES: Interested parties must contact
NIST to request a letter of interest
template. Letters of interest will be
accepted on a first come, first served
basis. Collaborative activities will
commence as soon as enough completed
and signed letters of interest have been
returned to address all the necessary
components and capabilities, but no
earlier than May 4, 2015. When the use
case has been completed, NIST will post
a notice on the NCCoE financial services
sector program Web site at https://
nccoe.nist.gov/financial-services
announcing the completion of the use
case and informing the public that it
will no longer accept letters of interest
for this use case.
ADDRESSES: The NCCoE is located at
9600 Gudelsky Drive, Rockville, MD
20850. Letters of interest must be
submitted to financial_NCCoE@nist.gov
or via hardcopy to National Institute of
Standards and Technology, NCCoE;
9600 Gudelsky Drive; Rockville, MD
20850. Organizations whose letters of
interest are accepted in accordance with
the Process set forth in the
SUPPLEMENTARY INFORMATION section of
this notice will be asked to sign a
Cooperative Research and Development
Agreement (CRADA) with NIST. A
CRADA template can be found at:
https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT:
Michael Stone via email at financial_
NCCoE@nist.gov; or telephone 240–314–
SUMMARY:
E:\FR\FM\03APN1.SGM
03APN1
Federal Register / Vol. 80, No. 64 / Friday, April 3, 2015 / Notices
6813; National Institute of Standards
and Technology, NCCoE; 9600 Gudelsky
Drive; Rockville, MD 20850. Additional
details about the Financial Services
Sector program are available at https://
nccoe.nist.gov/financial-services.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT assets, the
NCCoE will enhance trust in U.S. IT
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate security
platforms for the Access Rights
Management use case for the Financial
Services Sector. The full use case can be
viewed at: https://nccoe.nist.gov/sites/
default/files/NCCoE_FS_Use_Case_
IDAM_FinalDraft_20140501.pdf.
Interested parties should contact NIST
using the information provided in the
asabaliauskas on DSK5VPTVN1PROD with NOTICES
FOR FURTHER INFORMATION CONTACT
section of this notice. NIST will then
provide each interested party with a
letter of interest template, which the
party must complete, certify that it is
accurate, and submit to NIST. NIST will
contact interested parties if there are
questions regarding the responsiveness
of the letters of interest to the use case
objective or requirements identified
below. NIST will select participants
who have submitted complete letters of
interest on a first come, first served
basis within each category of product
components or capabilities listed below
up to the number of participants in each
category necessary to carry out this use
case. However, there may be continuing
opportunity to participate even after
initial activity commences. Selected
participants will be required to enter
into a consortium CRADA with NIST.
NIST published a notice in the Federal
Register on October 19, 2012 (77 FR
64314) inviting U.S. companies to enter
VerDate Sep<11>2014
17:49 Apr 02, 2015
Jkt 235001
into National Cybersecurity Excellence
Partnerships (NCEPs) in furtherance of
the NCCoE. For this demonstration
project, NCEP partners will not be given
priority for participation.
Use Case Objective: The goal of this
project is to demonstrate ways to link
together the management of existing
disparate identity and access
mechanisms and systems into a
comprehensive identity and access
management (IDAM) system. This will
enable financial sector entities to
centrally issue, validate, and modify or
revoke access rights for their entire
enterprise based on easy-to-understand
business rules. This IDAM system will
abstract, unify, and simplify the
complex task of dealing with multiple
types of access systems, such as
Windows Active Directory, Unix/Linux,
Resource Access Control Facility
(RACF), automatic class selection
(ACS2) and myriad legacy and
internally developed applicationspecific mechanisms. This IDAM system
will also produce consolidated reports
and statistics so that administrators and
managers can make accurate risk
management decisions. This IDAM
system will, at a minimum, automate
the monitoring and analysis of identity
related activities in a manner that
enables administrators and managers to
make timely and informed risk
management decisions.
Requirements: Each responding
organization’s letter of interest should
identify which security platform
components or capabilities it is offering.
Components are listed in section six (for
reference, please see link in PROCESS
section above) of the Access Rights
Management for the Financial Services
Sector use case and include, but are not
limited to:
• Mainframe (may be simulated or
remotely accessed) such as RACF
• Representative ‘‘homemade’’ financial
sector application(s) with internal
user access database and logging
system
Each responding organization’s letter
of interest should identify how their
products address one or more of the
following desired solution
characteristics in section two (for
reference, please see link in PROCESS
section above) of the Access Rights
Management for the Financial Services
Sector use case:
1. Is a single system that is capable of
interacting with multiple existing
accesses
2. Has management systems to provide
a complete picture of access rights
within the organization
PO 00000
Frm 00012
Fmt 4703
Sfmt 4703
18199
3. Complements, and does not replace,
existing security infrastructure
4. Utilizes secure communications
among all components
5. Automates logging, reporting and
alerting of identity and access
management events across the
enterprise
6. Can be queried for information (adhoc reporting) in order to answer
management, performance and
security questions (i.e. show all
activity for a given user in a certain
time period)
7. Does not introduce new attack vectors
into existing systems
8. Supports multiple access levels for
the IDAM system (e.g.
administrator, operator, viewer)
9. Provides fine-grain privilege controls
(e.g. groups, users, directory, file,
and record)
10. Provides the ability to attach
expiration dates/time limits on
access controls
11. Provides the ability to map user’s
access requests via ‘‘service’’
account access
Responding organizations need to
understand and, in their letters of
interest, commit to provide:
1. Access for all participants’ project
teams to component interfaces and
the organization’s experts necessary
to make functional connections
among security platform
components
2. Support for development and
demonstration of the Access Rights
Management use case for the
Financial Services Sector in NCCoE
facilities which will be conducted
in a manner consistent with Federal
requirements (e.g., FIPS 200, FIPS
201, SP 800–53, and SP 800–63)
Additional details about the Access
Rights Management for the Financial
Services sector use case are available at:
https://nccoe.nist.gov/sites/default/files/
NCCoE_FS_Use_Case_IDAM_
FinalDraft_20140501.pdf.
NIST cannot guarantee that all of the
products proposed by respondents will
be used in the demonstration. Each
prospective participant will be expected
to work collaboratively with NIST staff
and other project participants under the
terms of the consortium agreement in
the development of the Access Rights
Management for the Financial Services
sector capability. Prospective
participants’ contribution to the
collaborative effort will include
assistance in establishing the necessary
interface functionality, connection and
set-up capabilities and procedures,
demonstration harnesses, environmental
and safety conditions for use, integrated
E:\FR\FM\03APN1.SGM
03APN1
18200
Federal Register / Vol. 80, No. 64 / Friday, April 3, 2015 / Notices
platform user instructions, and
demonstration plans and scripts
necessary to demonstrate the desired
capabilities. Each prospective
participant will train NIST personnel as
necessary, to operate its product in
capability demonstrations to the
financial services community.
Following successful demonstrations,
NIST will publish a description of the
security platform and its performance
characteristics sufficient to permit other
organizations to develop and deploy
security platforms that meet the security
objectives of the Access Rights
Management for the Financial Services
sector use case. These descriptions will
be public information. Under the terms
of the consortium agreement, NIST will
support development of interfaces
among participants’ products by
providing IT infrastructure, laboratory
facilities, office facilities, collaboration
facilities, and staff support to
component composition, security
platform documentation, and
demonstration activities.
The dates of the demonstration of the
Access Rights Management for the
Financial Services sector capability will
be announced on the NCCoE Web site
at least two weeks in advance at
https://nccoe.nist.gov/. The expected
outcome of the demonstration is to
improve access rights management
across an entire financial services sector
enterprise. Participating organizations
will gain from the knowledge that their
products are interoperable with other
participants’ offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE Web site https://
nccoe.nist.gov/.
Richard Cavanagh,
Acting Associate Director for Laboratory
Programs.
[FR Doc. 2015–07590 Filed 4–2–15; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
Economics and Statistics
Administration
asabaliauskas on DSK5VPTVN1PROD with NOTICES
Commerce Data Advisory Council
Meeting
Economic and Statistics
Administration, Department of
Commerce.
ACTION: Notice of public meeting.
AGENCY:
The Economic and Statistics
Administration (ESA) is giving notice of
a meeting of Commerce Data Advisory
Council (CDAC). The CDAC will
SUMMARY:
VerDate Sep<11>2014
17:49 Apr 02, 2015
Jkt 235001
address areas such as data management
practices; common, open data
standards; policy issues related to
privacy, latency, and consistency;
effective models for public-private
partnership; external uses of Commerce
data; and, methods to build new
feedback loops between the Department
and data users. The CDAC will meet in
a plenary session on April 23–24, 2015.
Last-minute changes to the schedule are
possible, which could prevent giving
advance public notice of schedule
adjustments.
DATES: April 23–24, 2015. On April 23,
the meeting will begin at approximately
12:00 p.m. and end at approximately
5:00 p.m. On April 24, the meeting will
begin at approximately 9:00 a.m. and
end at approximately 1:00 p.m.
ADDRESSES: The meeting will be held at
Google Washington, DC, 25
Massachusetts Avenue NW., Suite 900,
Washington, DC 20001.
FOR FURTHER INFORMATION CONTACT:
Burton Reist, BReist@doc.gov Director of
External Communication and DFO,
CDAC, Department of Commerce,
Economics and Statistics
Administration, 1401 Constitution Ave.
NW., Washington, DC 20230, telephone
(202) 482–3331.
SUPPLEMENTARY INFORMATION: The CDAC
comprises as many as 20 members. The
Committee provides an organized and
continuing channel of communication
between recognized experts in the data
industry (collection, compilation,
analysis, dissemination and privacy
protection) and the Department of
Commerce. The CDAC provides advice
and recommendations, to include
process and infrastructure
improvements, to the Secretary, DOC
and the DOC data-bureau leadership on
ways to make Commerce data easier to
find, access, use, combine and
disseminate. The aim of this advice
shall be to maximize the value of
Commerce data to all users including
governments, businesses, communities,
academia, and individuals.
The Committee meeting is in
accordance with the Federal Advisory
Committee Act (Title 5, United States
Code, Appendix 2, Section 10(a)(b)).
All meetings are open to the public.
A brief period will be set aside at the
meeting for public comment on April
24, 2015. However, individuals with
extensive questions or statements must
submit them in writing to:
DataAdvisoryCouncil@doc.gov (subject
line ‘‘APRIL 2015 CDAC Meeting Public
Comment’’), or by letter submission to
the Director of External Communication
and DFO, CDAC, Department of
Commerce, Economics and Statistics
PO 00000
Frm 00013
Fmt 4703
Sfmt 4703
Administration, 1401 Constitution Ave.
NW., Washington, DC 20230. Such
submissions will be included in the
record for the meeting if received by
Friday, April 17, 2015.
The meeting is physically accessible
to persons with disabilities. Requests for
sign language interpretation or other
auxiliary aids should be directed to the
Director of External Communication as
soon as possible, preferably two weeks
prior to the meeting. If you plan to
attend the meeting, please register by
Monday, April 20, 2015. You may
access the online registration from the
following link: https://
www.regonline.com/cdac_april_2015_
meeting.
Seating is available to the public on
a first-come, first-served basis.
Dated: March 30, 2015.
Austin Durrer,
Chief of Staff for Under Secretary for
Economic Affairs, Economics and Statistics
Administration.
[FR Doc. 2015–07773 Filed 4–2–15; 8:45 am]
BILLING CODE P
DEPARTMENT OF COMMERCE
International Trade Administration
[A–570–932]
Steel Threaded Rod From the People’s
Republic of China: Notice of Court
Decision Not in Harmony With the
Final Results of Scope Ruling on
Antidumping Duty Order and Notice of
Amended Final Results of Scope
Ruling on Antidumping Duty Order
Enforcement and Compliance,
International Trade Administration,
Department of Commerce.
SUMMARY: On September 22, 2014, the
United States Court of Appeals for the
Federal Circuit (CAFC) issued a
decision that engineered steel coil rod
(coil rod) imported by A.L. Patterson,
Inc. (Patterson) was outside the scope of
the antidumping duty order on certain
steel threaded rod from the People’s
Republic of China on threaded rod from
the PRC.1 On December 29, 2014, the
United States Court of International
Trade (CIT or Court) issued an order for
the Department to take action on
remand in accordance with the CAFC’s
decision and to find that Patterson’s
engineered steel coil rod is outside the
AGENCY:
1 See A.L. Patterson, Inc., v. United States, 585
Fed. Appx. 778, 785–86 (Fed. Cir. 2014) (Patterson
CAFC 2014); see also Certain Steel Threaded Rod
from the People’s Republic of China: Notice of
Antidumping Duty Order, 74 FR 17154 (April 4,
2009) (AD Order).
E:\FR\FM\03APN1.SGM
03APN1
]]>Agencies
[Federal Register Volume 80, Number 64 (Friday, April 3, 2015)]
[Notices]
[Pages 18198-18200]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2015-07590]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 150318278-5278-01]
National Cybersecurity Center of Excellence Access Rights
Management Use Case for the Financial Services Sector
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for access rights management
for the financial services sector. This notice is the initial step for
the National Cybersecurity Center of Excellence (NCCoE) in
collaborating with technology companies to address cybersecurity
challenges identified under the financial services sector program.
Participation in the use case is open to all interested organizations.
DATES: Interested parties must contact NIST to request a letter of
interest template. Letters of interest will be accepted on a first
come, first served basis. Collaborative activities will commence as
soon as enough completed and signed letters of interest have been
returned to address all the necessary components and capabilities, but
no earlier than May 4, 2015. When the use case has been completed, NIST
will post a notice on the NCCoE financial services sector program Web
site at https://nccoe.nist.gov/financial-services announcing the
completion of the use case and informing the public that it will no
longer accept letters of interest for this use case.
ADDRESSES: The NCCoE is located at 9600 Gudelsky Drive, Rockville, MD
20850. Letters of interest must be submitted to
financial_NCCoE@nist.gov or via hardcopy to National Institute of
Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD
20850. Organizations whose letters of interest are accepted in
accordance with the Process set forth in the SUPPLEMENTARY INFORMATION
section of this notice will be asked to sign a Cooperative Research and
Development Agreement (CRADA) with NIST. A CRADA template can be found
at: https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT: Michael Stone via email at
financial_NCCoE@nist.gov; or telephone 240-314-
[[Page 18199]]
6813; National Institute of Standards and Technology, NCCoE; 9600
Gudelsky Drive; Rockville, MD 20850. Additional details about the
Financial Services Sector program are available at https://nccoe.nist.gov/financial-services.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) systems. By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for the Access
Rights Management use case for the Financial Services Sector. The full
use case can be viewed at: https://nccoe.nist.gov/sites/default/files/NCCoE_FS_Use_Case_IDAM_FinalDraft_20140501.pdf.
Interested parties should contact NIST using the information
provided in the FOR FURTHER INFORMATION CONTACT section of this notice.
NIST will then provide each interested party with a letter of interest
template, which the party must complete, certify that it is accurate,
and submit to NIST. NIST will contact interested parties if there are
questions regarding the responsiveness of the letters of interest to
the use case objective or requirements identified below. NIST will
select participants who have submitted complete letters of interest on
a first come, first served basis within each category of product
components or capabilities listed below up to the number of
participants in each category necessary to carry out this use case.
However, there may be continuing opportunity to participate even after
initial activity commences. Selected participants will be required to
enter into a consortium CRADA with NIST. NIST published a notice in the
Federal Register on October 19, 2012 (77 FR 64314) inviting U.S.
companies to enter into National Cybersecurity Excellence Partnerships
(NCEPs) in furtherance of the NCCoE. For this demonstration project,
NCEP partners will not be given priority for participation.
Use Case Objective: The goal of this project is to demonstrate ways
to link together the management of existing disparate identity and
access mechanisms and systems into a comprehensive identity and access
management (IDAM) system. This will enable financial sector entities to
centrally issue, validate, and modify or revoke access rights for their
entire enterprise based on easy-to-understand business rules. This IDAM
system will abstract, unify, and simplify the complex task of dealing
with multiple types of access systems, such as Windows Active
Directory, Unix/Linux, Resource Access Control Facility (RACF),
automatic class selection (ACS2) and myriad legacy and internally
developed application-specific mechanisms. This IDAM system will also
produce consolidated reports and statistics so that administrators and
managers can make accurate risk management decisions. This IDAM system
will, at a minimum, automate the monitoring and analysis of identity
related activities in a manner that enables administrators and managers
to make timely and informed risk management decisions.
Requirements: Each responding organization's letter of interest
should identify which security platform components or capabilities it
is offering. Components are listed in section six (for reference,
please see link in PROCESS section above) of the Access Rights
Management for the Financial Services Sector use case and include, but
are not limited to:
Mainframe (may be simulated or remotely accessed) such as RACF
Representative ``homemade'' financial sector application(s)
with internal user access database and logging system
Each responding organization's letter of interest should identify
how their products address one or more of the following desired
solution characteristics in section two (for reference, please see link
in PROCESS section above) of the Access Rights Management for the
Financial Services Sector use case:
1. Is a single system that is capable of interacting with multiple
existing accesses
2. Has management systems to provide a complete picture of access
rights within the organization
3. Complements, and does not replace, existing security infrastructure
4. Utilizes secure communications among all components
5. Automates logging, reporting and alerting of identity and access
management events across the enterprise
6. Can be queried for information (ad-hoc reporting) in order to answer
management, performance and security questions (i.e. show all activity
for a given user in a certain time period)
7. Does not introduce new attack vectors into existing systems
8. Supports multiple access levels for the IDAM system (e.g.
administrator, operator, viewer)
9. Provides fine-grain privilege controls (e.g. groups, users,
directory, file, and record)
10. Provides the ability to attach expiration dates/time limits on
access controls
11. Provides the ability to map user's access requests via ``service''
account access
Responding organizations need to understand and, in their letters
of interest, commit to provide:
1. Access for all participants' project teams to component interfaces
and the organization's experts necessary to make functional connections
among security platform components
2. Support for development and demonstration of the Access Rights
Management use case for the Financial Services Sector in NCCoE
facilities which will be conducted in a manner consistent with Federal
requirements (e.g., FIPS 200, FIPS 201, SP 800-53, and SP 800-63)
Additional details about the Access Rights Management for the
Financial Services sector use case are available at: https://nccoe.nist.gov/sites/default/files/NCCoE_FS_Use_Case_IDAM_FinalDraft_20140501.pdf.
NIST cannot guarantee that all of the products proposed by
respondents will be used in the demonstration. Each prospective
participant will be expected to work collaboratively with NIST staff
and other project participants under the terms of the consortium
agreement in the development of the Access Rights Management for the
Financial Services sector capability. Prospective participants'
contribution to the collaborative effort will include assistance in
establishing the necessary interface functionality, connection and set-
up capabilities and procedures, demonstration harnesses, environmental
and safety conditions for use, integrated
[[Page 18200]]
platform user instructions, and demonstration plans and scripts
necessary to demonstrate the desired capabilities. Each prospective
participant will train NIST personnel as necessary, to operate its
product in capability demonstrations to the financial services
community. Following successful demonstrations, NIST will publish a
description of the security platform and its performance
characteristics sufficient to permit other organizations to develop and
deploy security platforms that meet the security objectives of the
Access Rights Management for the Financial Services sector use case.
These descriptions will be public information. Under the terms of the
consortium agreement, NIST will support development of interfaces among
participants' products by providing IT infrastructure, laboratory
facilities, office facilities, collaboration facilities, and staff
support to component composition, security platform documentation, and
demonstration activities.
The dates of the demonstration of the Access Rights Management for
the Financial Services sector capability will be announced on the NCCoE
Web site at least two weeks in advance at https://nccoe.nist.gov/. The
expected outcome of the demonstration is to improve access rights
management across an entire financial services sector enterprise.
Participating organizations will gain from the knowledge that their
products are interoperable with other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE Web site
https://nccoe.nist.gov/.
Richard Cavanagh,
Acting Associate Director for Laboratory Programs.
[FR Doc. 2015-07590 Filed 4-2-15; 8:45 am]
BILLING CODE 3510-13-P
