National Cybersecurity Center of Excellence (NCCoE) Data Integrity Building Block, 18504-18506 [2018-08829]
Download as PDF
<![CDATA[
18504
Federal Register / Vol. 83, No. 82 / Friday, April 27, 2018 / Notices
The typical New Construction
Program Participant Review Materials
package will contain the following:
1. New Construction Program Quick
Start Document.
2. New Construction Program User
Guide.
3. New Construction Program Address
List Template.
4. Geographic Update Partnership
Software (GUPS).
5. New Construction Program Map
PDFs (for geocoding purposes only).
6. New Construction Program spatial
shapefiles (for geocoding purposes
only).
Participants must submit their New
Construction Program address list to the
Census Bureau within 45 calendar days
of receipt of the New Construction
Program materials. The New
Construction Program addresses must be
returned in the Census Bureau’s
predefined format, and each address
must be geocoded or assigned to the
census tract and block in which it is
located as shown on the New
Construction Program PDF or digital
(shapefile) maps. This stage will occur
between August and September 2019.
The average estimated time burden to
add, review, and submit the New
Construction Program address list to the
Census Bureau is 47 hours per
participant.
New Construction Program Address
Updates
From September through November
2019, the Census Bureau will process all
files received from participants. Files
that are submitted in the proper format
and with complete geocoding data are
compared against the Census Bureau’s
census address list, extracted from the
MAF, to check for any addresses already
on the list. The Census Bureau will add
the addresses to the census address list
and MAF, if needed, and mail decennial
census forms to any participantsupplied addresses that were not
already in the census address list. The
census enumeration process will
determine the final housing unit status
and population for each unit.
Closeout
The Census Bureau provides a
closeout letter to governments that
registered to participate and provided
updates as well as a thank you letter to
governments that provided updates.
Closeout occurs between December
2019 and January 2020.
II. Method of Collection
The Census Bureau will collect the
New Construction Program participants’
contact information and product media
preference when participants fill out the
electronic or printed forms. To prepare
and submit their list of new living
quarters addresses, the New
Construction Program participants can
opt to receive:
• GUPS with Census Bureau spatial
data.
• PDF maps.
Participants may also use their own
software to create a computer-readable
list of addresses in the prescribed
format. Participants will use the Census
Bureau provided maps or spatial data as
a reference for assigning census tract
and block codes (geocodes) for each
submitted address.
III. Data
OMB Control Number: 0607–XXXX.
Form Number(s): NC_RForm_2020.
Type of Review: Regular submission.
Affected Public: Federally recognized
tribes, states, local governments
(counties, incorporated places,
functioning minor civil divisions).
Estimated Number of Respondents:
Program Invitation: 32,000.
Participant Material Review: 6,550.
Estimated Time per Response:
Program Invitation: 1 hour.
Participant Material Review: 47 hours.
Estimated Total Hour Burden:
Program Invitation: 32,000 hours.
Participant Material Review: 307,850
hours.
Estimated Total Annual Burden
Hours: 339,850 hours.
Estimated number
of respondents
Stage of review
Estimated time
per response
(hours)
Total estimated
hour burden
Program Invitation ......................................................................................................
Participant Material Review .......................................................................................
32,000
6,550
1
47
32,000
307,850
Total ....................................................................................................................
..............................
..............................
339,850 hours.
Estimated Total Annual Cost to
Public: $0. (This is not the cost of
respondents’ time, but the indirect costs
respondents may incur for such things
as purchases of specialized software or
hardware needed to report, or
expenditures for accounting or records
maintenance services required
specifically by the collection.)
Respondent’s Obligation: Voluntary.
Legal Authority: Title 13, U.S.C.,
Section 141(a).
daltland on DSKBBV9HB2PROD with NOTICES
IV. Request for Comments
Comments are invited on: (a) Whether
the proposed collection of information
is necessary for the proper performance
of the functions of the agency, including
whether the information shall have
practical utility; (b) the accuracy of the
agency’s estimate of the burden
(including hours and cost) of the
VerDate Sep<11>2014
18:18 Apr 26, 2018
Jkt 244001
proposed collection of information; (c)
ways to enhance the quality, utility, and
clarity of the information to be
collected; and (d) ways to minimize the
burden of the collection of information
on respondents, including through the
use of automated collection techniques
or other forms of information
technology.
Comments submitted in response to
this notice will be summarized and/or
included in the request for OMB
approval of this information collection;
they also will become a matter of public
record.
Sheleen Dumas,
Departmental Lead PRA Officer, Office of the
Chief Information Officer.
[FR Doc. 2018–08964 Filed 4–26–18; 8:45 am]
BILLING CODE 3510–07–P
PO 00000
Frm 00004
Fmt 4703
Sfmt 4703
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 180301235–8235–01]
National Cybersecurity Center of
Excellence (NCCoE) Data Integrity
Building Block
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
AGENCY:
The National Institute of
Standards and Technology (NIST)
invites organizations to provide
products and technical expertise to
support and demonstrate security
platforms for two data integrity projects
within the Data Integrity Building
Block. The two projects are (1) Data
SUMMARY:
E:\FR\FM\27APN1.SGM
27APN1
daltland on DSKBBV9HB2PROD with NOTICES
Federal Register / Vol. 83, No. 82 / Friday, April 27, 2018 / Notices
Integrity: Identifying and Protecting
Assets Against Ransomware and Other
Destructive Events and (2) Data
Integrity: Detecting and Responding to
Ransomware and Other Destructive
Events. This notice is the initial step for
the National Cybersecurity Center of
Excellence (NCCoE) in collaborating
with technology companies to address
cybersecurity challenges identified
under the Data Integrity Building Block.
Participation in the building block is
open to all interested organizations and
organizations may participate in one or
both data integrity projects.
DATES: Collaborative activities will
commence as soon as enough completed
and signed letters of interest have been
returned to address all the necessary
components and capabilities, but no
earlier than May 29, 2018.
ADDRESSES: The NCCoE is located at
9700 Great Seneca Highway, Rockville,
MD 20850. Letters of interest must be
submitted to di-nccoe@nist.gov or via
hardcopy to National Institute of
Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville,
MD 20850. Organizations whose letters
of interest are accepted in accordance
with the process set forth in the
SUPPLEMENTARY INFORMATION section of
this notice will be asked to sign a
separate consortium Cooperative
Research and Development Agreement
(CRADA) with NIST for each Data
Integrity Building Block project. An
NCCoE consortium CRADA template
can be found at: https://nccoe.nist.gov/
node/138.
FOR FURTHER INFORMATION CONTACT:
Timothy McBride via email to
timothy.mcbride@nist.gov; by telephone
301–975–0214; or by mail to National
Institute of Standards and Technology,
NCCoE; 9700 Great Seneca Highway,
Rockville, MD 20850. Additional details
about the Data Integrity Building Block
are available at https://nccoe.nist.gov/
projects/building-blocks/data-integrity.
SUPPLEMENTARY INFORMATION: Interested
parties must contact NIST to request a
letter of interest template to be
completed and submitted to NIST.
Letters of interest will be accepted on a
first come, first served basis. Parties
interested in participating in both data
integrity projects must submit a separate
letter of interest for each data integrity
project. When the building block has
been completed, NIST will post a notice
announcing the completion of the
building block and informing the public
that it will no longer accept letters of
interest for this building block on the
NCCoE Data Integrity Building Block
website at https://nccoe.nist.gov/
projects/building-blocks/data-integrity/
VerDate Sep<11>2014
18:18 Apr 26, 2018
Jkt 244001
identify-protect for Data Integrity:
Identifying and Protecting Assets
Against Ransomware and Other
Destructive Events, and at https://
nccoe.nist.gov/projects/building-blocks/
data-integrity/detect-respond for Data
Integrity: Detecting and Responding to
Ransomware and Other Destructive
Events.
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT assets, the
NCCoE will enhance trust in U.S. IT
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate security
platforms for the Data Integrity Building
Block. The full building block can be
viewed at: https://nccoe.nist.gov/
projects/building-blocks/data-integrity.
Interested parties should contact NIST
using the information provided in the
FOR FURTHER INFORMATION CONTACT
section of this notice. NIST will then
provide each interested party with a
letter of interest template, which the
party must complete, certify that it is
accurate, and submit to NIST. NIST will
contact interested parties if there are
questions regarding the responsiveness
of the letters of interest to the building
block objective or requirements
identified below. NIST will select
participants who have submitted
complete letters of interest on a first
come, first served basis within each
category of product components or
capabilities listed below up to the
number of participants in each category
necessary to carry out this building
block. However, there may be
continuing opportunity to participate
even after initial activity commences.
Selected participants will be required to
enter into a consortium CRADA with
NIST (for reference, see ADDRESSES
section above). NIST published a notice
in the Federal Register on October 19,
PO 00000
Frm 00005
Fmt 4703
Sfmt 4703
18505
2012 (77 FR 64314) inviting U.S.
companies to enter into National
Cybersecurity Excellence Partnerships
(NCEPs) in furtherance of the NCCoE.
For this demonstration project, NCEP
partners will not be given priority for
participation.
Building Block Objective: Establish
tools and procedures to defend, detect,
and respond to data integrity events.
A detailed description of the Data
Integrity Building Block is available at:
https://nccoe.nist.gov/projects/buildingblocks/data-integrity.
Requirements: Each responding
organization’s letter of interest should
identify which security platform
component(s) or capability(ies) it is
offering. Responding organizations must
submit a separate letter of interest and
sign a separate consortium CRADA for
each project the responding
organization is interested in joining.
Letters of interest should not include
company proprietary information, and
all components and capabilities must be
commercially available. Components are
listed in section 3 of each of the data
integrity projects (1) Data Integrity:
Identifying and Protecting Assets
Against Ransomware and Other
Destructive Events, and (2) Data
Integrity: Detecting and Responding to
Ransomware and Other Destructive
Events (for reference, please see the link
in the PROCESS section above) and
include, but are not limited to:
• For Data Integrity: Identifying and
Protecting Assets Against
Ransomware and Other Destructive
Events:
• Secure storage
• File integrity checking mechanisms
backup capability for databases,
VMs, and file systems
• Vulnerability management and
identification software
• Signature based vulnerability
detection
• Behavior based vulnerability
detection
• Zero-day vulnerability detection
• Log collection software
• Asset inventory software
• Asset management
• Asset discovery
• Maintenance software (including
software versioning and
distribution technology)
• Software versioning
• Software distribution
• Update verification
• For Data Integrity: Detecting and
Responding to Ransomware and
Other Destructive Events
• Integrity monitoring
• Event detection
• Malicious software detection
E:\FR\FM\27APN1.SGM
27APN1
daltland on DSKBBV9HB2PROD with NOTICES
18506
Federal Register / Vol. 83, No. 82 / Friday, April 27, 2018 / Notices
• Unauthorized activity detection
• Anomalous activity detection
• Logging and data correlation
software
• Reporting capability
• Vulnerability management
• Forensics/analytics tools
• Mitigation and containment
software
Each responding organization’s letter
of interest should identify how their
products address one or more of the
following desired solution
characteristics in section 3 of each of the
Data Integrity projects (1) Data Integrity:
Identifying and Protecting Assets
Against Ransomware and Other
Destructive Events, and (2) Data
Integrity: Detecting and Responding to
Ransomware and Other Destructive
Events (for reference, please see the link
in the PROCESS section above):
1 For Data Integrity: Identifying and
Protecting Assets Against
Ransomware and Other Destructive
Events:
• Inventory assets both part of the
enterprise and the solution itself
• Be secure against integrity attacks
against hosts
• Be secure against integrity attacks
that occur on the network
• Support secure backups
• Provide protected network and
remote access
• Provide audit capabilities
2 For Data Integrity: Detecting and
Responding to Ransomware and
Other Destructive Events:
• Detect unauthorized or malicious
activity on the network
• Detect unauthorized or malicious
mobile code (such as web
technologies like JavaScript,
VBScript, and other code executed
but loaded from an external site)
• Detect unauthorized or malicious
executables
• Detect unauthorized or malicious
behavior
• Report unauthorized or malicious
activity on the network
• Report unauthorized or malicious
mobile code events
• Report unauthorized or malicious
executables
• Report unauthorized or malicious
behavior
• Analyze the impact of unauthorized
or malicious activity on the network
• Analyze the impact of unauthorized
or malicious mobile code events
• Analyze the impact of unauthorized
or malicious executables
• Analyze the impact of unauthorized
or malicious behavior
• Mitigate the impact of unauthorized
or malicious activity on the network
VerDate Sep<11>2014
18:18 Apr 26, 2018
Jkt 244001
• Mitigate the impact of unauthorized
or malicious mobile code events
• Mitigate the impact of unauthorized
or malicious executables
• Mitigate the impact of unauthorized
or malicious behavior
• Contain unauthorized or malicious
activity on the network
• Contain unauthorized or malicious
mobile code events
• Contain unauthorized or malicious
executables
• Contain unauthorized or malicious
behavior
Responding organizations need to
understand and, in their letters of
interest, commit to provide:
1. Access for all participants’ project
teams to component interfaces and
the organization’s experts necessary
to make functional connections
among security platform
components
2. Support for development and
demonstration of the Data Integrity
Building Block in NCCoE facilities
which will be conducted in a
manner consistent with the
following standards and guidance:
FIPS 200, FIPS 201 (for the Data
Integrity: Identifying and Protecting
Assets Against Ransomware and
Other Destructive Events Project),
SP 800–53, FIPS 140–2, SP 800–37,
SP 800–57, SP 800–61, SP 800–83,
SP 800–150, SP 800–160, and SP
800–184.
Additional details about the Data
Integrity Building Block are available at:
https://nccoe.nist.gov/projects/buildingblocks/data-integrity.
NIST cannot guarantee that all of the
products proposed by respondents will
be used in the demonstration. Each
prospective participant will be expected
to work collaboratively with NIST staff
and other project participants under the
terms of the consortium CRADA in the
development of the Data Integrity
Building Block. Prospective
participants’ contribution to the
collaborative effort will include
assistance in establishing the necessary
interface functionality, connection and
set-up capabilities and procedures,
demonstration harnesses, environmental
and safety conditions for use, integrated
platform user instructions, and
demonstration plans and scripts
necessary to demonstrate the desired
capabilities. Each participant will train
NIST personnel, as necessary, to operate
its product in capability
demonstrations. Following successful
demonstrations, NIST will publish a
description of the security platform and
its performance characteristics sufficient
to permit other organizations to develop
PO 00000
Frm 00006
Fmt 4703
Sfmt 4703
and deploy security platforms that meet
the security objectives of the Data
Integrity Building Block. These
descriptions will be public information.
Under the terms of the consortium
CRADA, NIST will support
development of interfaces among
participants’ products by providing IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities.
The dates of the demonstration of the
Data Integrity Building Block capability
will be announced on the NCCoE
website at least two weeks in advance
at https://nccoe.nist.gov/. The expected
outcome of the demonstration is to
improve data integrity within the
enterprise. Participating organizations
will gain from the knowledge that their
products are interoperable with other
participants’ offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE website https://nccoe.nist.
gov/.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2018–08829 Filed 4–26–18; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration (NOAA)
National Sea Grant Advisory Board
(NSGAB); Public Meeting of the
National Sea Grant Advisory Board
Office of Oceanic and
Atmospheric Research (OAR), National
Oceanic and Atmospheric
Administration (NOAA), Department of
Commerce (DOC).
ACTION: Notice of public meeting.
AGENCY:
This notice sets forth the
schedule and proposed agenda of a
forthcoming meeting of the NSGAB.
NSGAB members will discuss and
provide advice on the National Sea
Grant College Program (Sea Grant),
specifically to review and approve the
2018 Biennial Report to Congress, and
any other matters as described in the
agenda found on the Sea Grant website
at https://seagrant.noaa.gov/WhoWeAre/
Leadership/NationalSeaGrantAdvisory
Board/UpcomingAdvisory
BoardMeetings.aspx.
DATES: The announced meeting is
scheduled for Monday, May 14, 2018,
from 3:00 p.m. to 4:30 p.m. ET.
SUMMARY:
E:\FR\FM\27APN1.SGM
27APN1
]]>Agencies
[Federal Register Volume 83, Number 82 (Friday, April 27, 2018)]
[Notices]
[Pages 18504-18506]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-08829]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 180301235-8235-01]
National Cybersecurity Center of Excellence (NCCoE) Data
Integrity Building Block
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for two data integrity
projects within the Data Integrity Building Block. The two projects are
(1) Data
[[Page 18505]]
Integrity: Identifying and Protecting Assets Against Ransomware and
Other Destructive Events and (2) Data Integrity: Detecting and
Responding to Ransomware and Other Destructive Events. This notice is
the initial step for the National Cybersecurity Center of Excellence
(NCCoE) in collaborating with technology companies to address
cybersecurity challenges identified under the Data Integrity Building
Block. Participation in the building block is open to all interested
organizations and organizations may participate in one or both data
integrity projects.
DATES: Collaborative activities will commence as soon as enough
completed and signed letters of interest have been returned to address
all the necessary components and capabilities, but no earlier than May
29, 2018.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to [email protected] or via hardcopy to National Institute of Standards and
Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850.
Organizations whose letters of interest are accepted in accordance with
the process set forth in the SUPPLEMENTARY INFORMATION section of this
notice will be asked to sign a separate consortium Cooperative Research
and Development Agreement (CRADA) with NIST for each Data Integrity
Building Block project. An NCCoE consortium CRADA template can be found
at: https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT: Timothy McBride via email to
[email protected]; by telephone 301-975-0214; or by mail to
National Institute of Standards and Technology, NCCoE; 9700 Great
Seneca Highway, Rockville, MD 20850. Additional details about the Data
Integrity Building Block are available at https://nccoe.nist.gov/projects/building-blocks/data-integrity.
SUPPLEMENTARY INFORMATION: Interested parties must contact NIST to
request a letter of interest template to be completed and submitted to
NIST. Letters of interest will be accepted on a first come, first
served basis. Parties interested in participating in both data
integrity projects must submit a separate letter of interest for each
data integrity project. When the building block has been completed,
NIST will post a notice announcing the completion of the building block
and informing the public that it will no longer accept letters of
interest for this building block on the NCCoE Data Integrity Building
Block website at https://nccoe.nist.gov/projects/building-blocks/data-integrity/identify-protect for Data Integrity: Identifying and
Protecting Assets Against Ransomware and Other Destructive Events, and
at https://nccoe.nist.gov/projects/building-blocks/data-integrity/detect-respond for Data Integrity: Detecting and Responding to
Ransomware and Other Destructive Events.
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) systems. By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for the Data
Integrity Building Block. The full building block can be viewed at:
https://nccoe.nist.gov/projects/building-blocks/data-integrity.
Interested parties should contact NIST using the information
provided in the FOR FURTHER INFORMATION CONTACT section of this notice.
NIST will then provide each interested party with a letter of interest
template, which the party must complete, certify that it is accurate,
and submit to NIST. NIST will contact interested parties if there are
questions regarding the responsiveness of the letters of interest to
the building block objective or requirements identified below. NIST
will select participants who have submitted complete letters of
interest on a first come, first served basis within each category of
product components or capabilities listed below up to the number of
participants in each category necessary to carry out this building
block. However, there may be continuing opportunity to participate even
after initial activity commences. Selected participants will be
required to enter into a consortium CRADA with NIST (for reference, see
ADDRESSES section above). NIST published a notice in the Federal
Register on October 19, 2012 (77 FR 64314) inviting U.S. companies to
enter into National Cybersecurity Excellence Partnerships (NCEPs) in
furtherance of the NCCoE. For this demonstration project, NCEP partners
will not be given priority for participation.
Building Block Objective: Establish tools and procedures to defend,
detect, and respond to data integrity events.
A detailed description of the Data Integrity Building Block is
available at: https://nccoe.nist.gov/projects/building-blocks/data-integrity.
Requirements: Each responding organization's letter of interest
should identify which security platform component(s) or capability(ies)
it is offering. Responding organizations must submit a separate letter
of interest and sign a separate consortium CRADA for each project the
responding organization is interested in joining. Letters of interest
should not include company proprietary information, and all components
and capabilities must be commercially available. Components are listed
in section 3 of each of the data integrity projects (1) Data Integrity:
Identifying and Protecting Assets Against Ransomware and Other
Destructive Events, and (2) Data Integrity: Detecting and Responding to
Ransomware and Other Destructive Events (for reference, please see the
link in the PROCESS section above) and include, but are not limited to:
For Data Integrity: Identifying and Protecting Assets Against
Ransomware and Other Destructive Events:
Secure storage
File integrity checking mechanisms backup capability for
databases, VMs, and file systems
Vulnerability management and identification software
Signature based vulnerability detection
Behavior based vulnerability detection
Zero-day vulnerability detection
Log collection software
Asset inventory software
Asset management
Asset discovery
Maintenance software (including software versioning and
distribution technology)
Software versioning
Software distribution
Update verification
For Data Integrity: Detecting and Responding to Ransomware and
Other Destructive Events
Integrity monitoring
Event detection
Malicious software detection
[[Page 18506]]
Unauthorized activity detection
Anomalous activity detection
Logging and data correlation software
Reporting capability
Vulnerability management
Forensics/analytics tools
Mitigation and containment software
Each responding organization's letter of interest should identify
how their products address one or more of the following desired
solution characteristics in section 3 of each of the Data Integrity
projects (1) Data Integrity: Identifying and Protecting Assets Against
Ransomware and Other Destructive Events, and (2) Data Integrity:
Detecting and Responding to Ransomware and Other Destructive Events
(for reference, please see the link in the PROCESS section above):
1 For Data Integrity: Identifying and Protecting Assets Against
Ransomware and Other Destructive Events:
Inventory assets both part of the enterprise and the
solution itself
Be secure against integrity attacks against hosts
Be secure against integrity attacks that occur on the
network
Support secure backups
Provide protected network and remote access
Provide audit capabilities
2 For Data Integrity: Detecting and Responding to Ransomware and Other
Destructive Events:
Detect unauthorized or malicious activity on the network
Detect unauthorized or malicious mobile code (such as web
technologies like JavaScript, VBScript, and other code executed but
loaded from an external site)
Detect unauthorized or malicious executables
Detect unauthorized or malicious behavior
Report unauthorized or malicious activity on the network
Report unauthorized or malicious mobile code events
Report unauthorized or malicious executables
Report unauthorized or malicious behavior
Analyze the impact of unauthorized or malicious activity
on the network
Analyze the impact of unauthorized or malicious mobile
code events
Analyze the impact of unauthorized or malicious
executables
Analyze the impact of unauthorized or malicious behavior
Mitigate the impact of unauthorized or malicious activity
on the network
Mitigate the impact of unauthorized or malicious mobile
code events
Mitigate the impact of unauthorized or malicious
executables
Mitigate the impact of unauthorized or malicious behavior
Contain unauthorized or malicious activity on the network
Contain unauthorized or malicious mobile code events
Contain unauthorized or malicious executables
Contain unauthorized or malicious behavior
Responding organizations need to understand and, in their letters
of interest, commit to provide:
1. Access for all participants' project teams to component interfaces
and the organization's experts necessary to make functional connections
among security platform components
2. Support for development and demonstration of the Data Integrity
Building Block in NCCoE facilities which will be conducted in a manner
consistent with the following standards and guidance: FIPS 200, FIPS
201 (for the Data Integrity: Identifying and Protecting Assets Against
Ransomware and Other Destructive Events Project), SP 800-53, FIPS 140-
2, SP 800-37, SP 800-57, SP 800-61, SP 800-83, SP 800-150, SP 800-160,
and SP 800-184.
Additional details about the Data Integrity Building Block are
available at: https://nccoe.nist.gov/projects/building-blocks/data-integrity.
NIST cannot guarantee that all of the products proposed by
respondents will be used in the demonstration. Each prospective
participant will be expected to work collaboratively with NIST staff
and other project participants under the terms of the consortium CRADA
in the development of the Data Integrity Building Block. Prospective
participants' contribution to the collaborative effort will include
assistance in establishing the necessary interface functionality,
connection and set-up capabilities and procedures, demonstration
harnesses, environmental and safety conditions for use, integrated
platform user instructions, and demonstration plans and scripts
necessary to demonstrate the desired capabilities. Each participant
will train NIST personnel, as necessary, to operate its product in
capability demonstrations. Following successful demonstrations, NIST
will publish a description of the security platform and its performance
characteristics sufficient to permit other organizations to develop and
deploy security platforms that meet the security objectives of the Data
Integrity Building Block. These descriptions will be public
information.
Under the terms of the consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of the Data Integrity Building Block
capability will be announced on the NCCoE website at least two weeks in
advance at https://nccoe.nist.gov/. The expected outcome of the
demonstration is to improve data integrity within the enterprise.
Participating organizations will gain from the knowledge that their
products are interoperable with other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE website
https://nccoe.nist.gov/.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2018-08829 Filed 4-26-18; 8:45 am]
BILLING CODE 3510-13-P
