National Cybersecurity Center of Excellence (NCCoE) Validating the Integrity of Computing Devices Building Block, 17043-17045 [2020-06264]
Federal Register / Vol. 85, No. 59 / Thursday, March 26, 2020 / Notices
at (202) 482–0665 (Italy), AD/CVD
Operations, Enforcement and
Compliance, International Trade
Administration, U.S. Department of
Commerce, 1401 Constitution Avenue
NW, Washington, DC 20230.
SUPPLEMENTARY INFORMATION:
Background
On January 8, 2020, the Department of
Commerce (Commerce) initiated less-than-fair-value (LTFV) investigations of
imports of forged steel fluid end blocks
(fluid end blocks) from Germany, India,
and Italy.1 The deadline for the
preliminary determinations is May 27,
2020.
Postponement of Preliminary
Determinations
Section 733(b)(1)(A) of the Tariff Act
of 1930, as amended (the Act), requires
Commerce to issue the preliminary
determination in a LTFV investigation
within 140 days after the date on which
Commerce initiated the investigation.
However, section 733(c)(1) of the Act
permits Commerce to postpone the
preliminary determination until no later
than 190 days after the date on which
Commerce initiated the investigation if:
(A) The petitioner makes a timely
request for a postponement; or (B)
Commerce concludes that the parties
concerned are cooperating, that the
investigation is extraordinarily
complicated, and that additional time is
necessary to make a preliminary
determination. Under 19 CFR
351.205(e), the petitioner must submit a
request for postponement 25 days or
more before the scheduled date of the
preliminary determination and must
state the reasons for the request.
Commerce will grant the request unless
it finds compelling reasons to deny the
request.
On March 5, 2020, the petitioners 2
submitted a timely request that
Commerce postpone the preliminary
determinations in these LTFV
investigations.3 The petitioners stated
that they request postponement due to
the complexity of the investigations and
the amount of time that Commerce will
need to conduct a complete and
thorough analysis, including the
issuance of supplemental
questionnaires.4 The petitioners request
that Commerce fully extend the
preliminary determinations by 50 days.
1 See Forged Steel Fluid End Blocks from the
Federal Republic of Germany, India, and Italy:
Initiation of Less-Than-Fair-Value Investigations, 85
FR 2394 (January 15, 2020) (Initiation Notice).
2 The petitioners are the FEB Fair Trade Coalition,
Ellwood Group, and Finkl Steel.
3 See Petitioners’ Letter, "Forged Steel Fluid End
Blocks from Germany, India, and Italy: Request to
Extend Preliminary Results," dated March 5, 2020.
4 Id.
For the reasons stated above and
because there are no compelling reasons
to deny the request, Commerce, in
accordance with section 733(c)(1)(A) of
the Act, is postponing the deadline for
the preliminary determinations by 50
days (i.e., 190 days after the date on
which these investigations were
initiated). As a result, Commerce will
issue its preliminary determinations no
later than July 16, 2020. In accordance
with section 735(a)(1) of the Act and 19
CFR 351.210(b)(1), the deadline for the
final determinations in these
investigations will continue to be 75
days after the date of the preliminary
determinations, unless postponed at a
later date.
This notice is issued and published
pursuant to section 733(c)(2) of the Act
and 19 CFR 351.205(f)(1).
Dated: March 19, 2020.
Jeffrey I. Kessler,
Assistant Secretary for Enforcement and
Compliance.
[FR Doc. 2020–06335 Filed 3–25–20; 8:45 am]
BILLING CODE 3510–DS–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 200313–0079]
National Cybersecurity Center of
Excellence (NCCoE) Validating the
Integrity of Computing Devices
Building Block
AGENCY: National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
SUMMARY: The National Institute of
Standards and Technology (NIST)
invites organizations to provide
products and technical expertise to
support and demonstrate security
platforms for the Validating the Integrity
of Computing Devices project. This
notice is the initial step for the National
Cybersecurity Center of Excellence
(NCCoE) in collaborating with
technology companies to address
cybersecurity challenges identified
under the Validating the Integrity of
Computing Devices project.
Participation in the building block is
open to all interested organizations.
DATES: Collaborative activities will
commence as soon as enough completed
and signed letters of interest have been
returned to address all the necessary
components and capabilities, but no
earlier than April 27, 2020.
ADDRESSES: The NCCoE is located at
9700 Great Seneca Highway, Rockville,
MD 20850. Letters of interest must be
submitted to supplychain-nccoe@nist.gov
or via hardcopy to National
Institute of Standards and Technology,
NCCoE; 9700 Great Seneca Highway,
Rockville, MD 20850. Organizations
whose letters of interest are accepted in
accordance with the process set forth in
the SUPPLEMENTARY INFORMATION section
of this notice will be asked to sign a
consortium Cooperative Research and
Development Agreement (CRADA) with
NIST. An NCCoE consortium CRADA
template can be found at:
https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT:
Nakia Grayson via email to
supplychain-nccoe@nist.gov; by
telephone 301–975–0200 or by mail to
National Institute of Standards and
Technology, NCCoE; 9700 Great Seneca
Highway, Rockville, MD 20850.
Additional details about the Validating
the Integrity of Computing Devices
project are available at https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
SUPPLEMENTARY INFORMATION: Interested
parties must contact NIST to request a
letter of interest template to be
completed and submitted to NIST.
Letters of interest will be accepted on a
first come, first served basis. When the
building block has been completed,
NIST will post a notice on the NCCoE
Validating the Integrity of Computing
Devices website at https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance
announcing the completion of the
building block and informing the public
that it will no longer accept letters of
interest for this building block.
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT assets, the
NCCoE will enhance trust in U.S. IT
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate security
platforms for the Validating the Integrity
of Computing Devices project. The full
building block can be viewed at: https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
Interested parties should contact NIST
using the information provided in the
FOR FURTHER INFORMATION CONTACT
section of this notice. NIST will then
provide each interested party with a
letter of interest template, which the
party must complete, certify that it is
accurate, and submit to NIST. NIST will
contact interested parties if there are
questions regarding the responsiveness
of the letters of interest to the building
block objective or requirements
identified below. NIST will select
participants who have submitted
complete letters of interest on a first
come, first served basis within each
category of product components or
capabilities listed below up to the
number of participants in each category
necessary to carry out this building
block. However, there may be
continuing opportunity to participate
even after initial activity commences.
Selected participants will be required to
enter into a consortium CRADA with
NIST (for reference, see ADDRESSES
section above). NIST published a notice
in the Federal Register on October 19,
2012 (77 FR 64314) inviting U.S.
companies to enter into National
Cybersecurity Excellence Partnerships
(NCEPs) in furtherance of the NCCoE.
For this demonstration project, NCEP
partners will not be given priority for
participation.
Building Block Objective: The
objective of this project is to produce
example implementations to
demonstrate how organizations can
verify that the internal components of
their purchased computing devices are
genuine and have not been altered
during the manufacturing and
distribution process. Additionally, this
project will demonstrate how to inspect
the processes that verify that the
components in a computing device
match the attributes and measurements
declared by the manufacturer. This
project is intended to help organizations
decrease the risk of a compromise to
products in a specific stage of their
supply chain, which may result in risks
to the end user. A detailed description
of the Validating the Integrity of
Computing Devices project is available
at: https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
Requirements: Each responding
organization’s letter of interest should
identify which security platform
component(s) or capability(ies) it is
offering. Letters of interest should not
include company proprietary
information, and all components and
capabilities must be commercially
available. Components are listed in
section 3 of the Validating the
Computing Devices project description
(for reference, please see the link in the
Process section above) and include, but
are not limited to:
• Computing devices, including laptops, servers, and mobile devices
• Configuration management software
  ○ vulnerability scanning
  ○ detection
  ○ patch management
  ○ version control
  ○ synchronization
  ○ firmware
• Asset inventory software
  ○ asset management
  ○ asset discovery
• Security information and event management (SIEM)
  ○ event detection
  ○ log management
  ○ exfiltration activity
  ○ unauthorized activity
  ○ anomalous activity
• Certificate authority
Each responding organization’s letter
of interest should identify how their
products address one or more of the
following desired solution
characteristics in section 3 of the
Validating the Integrity of Computing
Devices project (for reference, please see
the link in the PROCESS section above):
1. Use verifiable and authentic
artifacts that manufacturers produce
during the manufacturing and
integration process.
2. Detect malicious component swaps
of the computing device.
3. Manage the automation process
when accepting the delivery of a
computing device and throughout the
operational lifecycle of the device.
4. Inspect computing devices to verify
that the components in a delivered (or
in-use) system computing device match
the attributes and measurements
declared by the manufacturer.
Responding organizations need to
understand and, in their letters of
interest, commit to provide:
1. Access for all participants’ project
teams to component interfaces and the
organization’s experts necessary to make
functional connections among security
platform components.
2. Support for development and
demonstration of the Validating the
Integrity of Computing Devices project
for multiple sectors in NCCoE facilities
which will be conducted in a manner
consistent with the following standards
and guidance: FIPS 200, FIPS 201, SP
800–53, SP 800–147B, SP 800–155 and
SP 800–161. Additional details about
the Validating the Integrity of
Computing Devices project are available
at: https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
NIST cannot guarantee that all of the
products proposed by respondents will
be used in the demonstration. Each
prospective participant will be expected
to work collaboratively with NIST staff
and other project participants under the
terms of the consortium CRADA in the
development of the Validating the
Integrity of Computing Devices project.
Prospective participants’ contribution to
the collaborative effort will include
assistance in establishing the necessary
interface functionality, connection and
set-up capabilities and procedures,
demonstration harnesses, environmental
and safety conditions for use, integrated
platform user instructions, and
demonstration plans and scripts
necessary to demonstrate the desired
capabilities. Each participant will train
NIST personnel, as necessary, to operate
its product in capability
demonstrations. Following successful
demonstrations, NIST will publish a
description of the security platform and
its performance characteristics sufficient
to permit other organizations to develop
and deploy security platforms that meet
the security objectives of the Validating
the Integrity of Computing Devices
project. These descriptions will be
public information.
Under the terms of the consortium
CRADA, NIST will support
development of interfaces among
participants’ products by providing IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities.
The dates of the demonstration of the
Validating the Integrity of Computing
Devices’ capability will be announced
on the NCCoE website at least two
weeks in advance at https://nccoe.nist.gov/. The expected outcome
of the demonstration is to improve
supply chain assurance within the
enterprise. Participating organizations
will gain from the knowledge that their
products are interoperable with other
participants’ offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE website https://nccoe.nist.gov/.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2020–06264 Filed 3–25–20; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
[RTID 0648–XA095]
New England Fishery Management
Council; Public Meeting
AGENCY: National Marine Fisheries
Service (NMFS), National Oceanic and
Atmospheric Administration (NOAA),
Commerce.
ACTION: Notice of public meeting.
SUMMARY: The New England Fishery
Management Council (Council, NEFMC)
will hold a two-day webinar meeting to
consider actions affecting New England
fisheries in the exclusive economic zone
(EEZ). Due to federal and state travel
restrictions and updated guidance from
the Centers for Disease Control and
Prevention regarding the new
coronavirus, COVID–19, this meeting
will be conducted entirely by webinar.
DATES: The webinar meeting will be
held on Tuesday and Wednesday, April
14 and 15, 2020, beginning at 9 a.m. on
April 14 and 8:30 a.m. on April 15.
ADDRESSES: All meeting participants
and interested parties can register to
join the webinar at https://register.gotowebinar.com/register/8766043774885604099.
Council address: New England
Fishery Management Council, 50 Water
Street, Mill 2, Newburyport, MA 01950;
telephone (978) 465–0492;
www.nefmc.org.
FOR FURTHER INFORMATION CONTACT:
Thomas A. Nies, Executive Director,
New England Fishery Management
Council; telephone: (978) 465–0492, ext.
113.
SUPPLEMENTARY INFORMATION:
Agenda
Tuesday, April 14, 2020
After introductions and brief
announcements, the meeting will begin
with reports from the Council Chairman
and Executive Director, NMFS’s
Regional Administrator for the Greater
Atlantic Regional Fisheries Office
(GARFO), liaisons from the Northeast
Fisheries Science Center (NEFSC) and
Mid-Atlantic Fishery Management
Council, staff from the Atlantic States
Marine Fisheries Commission (ASMFC),
and representatives from NOAA General
Counsel, NOAA’s Office of Law
Enforcement, the U.S. Coast Guard, the
Northeast Trawl Advisory Panel, and
the Advisory Committee to the U.S.
Section of the International Commission
for the Conservation of Atlantic Tunas.
The Council then will receive a
presentation on the NEFSC’s State of the
Ecosystem 2020 Report for New
England, which will be followed by
recommendations from the Council’s
Scientific and Statistical Committee on
the report. The Ecosystem-Based
Fishery Management (EBFM) Committee
will be up next to provide an update on
work related to stakeholder engagement
and public information workshops
focusing on EBFM and the approach
used for the Council’s example Fishery
Ecosystem Plan (eFEP) for Georges
Bank. Then, members of the public will
have the opportunity to speak during an
open comment period on issues that
relate to Council business but are not
included on the published agenda for
this meeting. The Council asks the
public to limit remarks to 3–5 minutes.
These comments will be received
through the webinar. A guide for how to
publicly comment through the webinar
is available on the Council website at
https://www.nefmc.org/calendar/april-2020-council-meeting.
Following the lunch break, the
Council will receive an update from
staff at the Stellwagen Bank National
Marine Sanctuary on sanctuary
activities, as well as a presentation on
the new NOAA Condition Report,
which is triggering a review of the
sanctuary’s management plan. Next, the
Council will receive a NEFSC report on
the March 9–12, 2020 Red Hake Stock
Structure Research Track Assessment
peer review meeting and go directly into
its Small-Mesh Multispecies (Whiting)
Report, which will focus on updates to
an action being considered to rebuild
southern red hake. Finally, the Council
will receive the Atlantic Herring
Committee Report covering: (1) An
update on Framework Adjustment 7 to
the Atlantic Herring Fishery
Management Plan (FMP), which is being
developed to protect spawning herring
on Georges Bank; (2) discussion on
whether the Council should request that
NOAA Fisheries send a letter to ASMFC
outlining the differences between
Council and ASMFC authorities related
to Atlantic herring management; and (3)
an update on Framework Adjustment 8,
which includes fishing year 2021–23
specifications and possible adjustment
of herring measures that potentially
inhibit the Atlantic mackerel fishery
from achieving optimum yield. The
Council then will adjourn the formal
meeting for the day and go into a closed
session to discuss personnel issues.
Wednesday, April 15, 2020
The Council will begin the day with
a briefing on NMFS’s decision to
reinitiate consultation on the 2012
Atlantic Sea Scallop Biological Opinion
due to the scallop fishery exceeding its
incidental take statement for turtles. The
Scallop Committee Report will follow.
The Council will approve the range of
alternatives for Scallop Amendment 21,
which is being developed to address: (1)
Northern Gulf of Maine Management
Area issues, (2) the Limited Access
General Category (LAGC) possession
limit, and (3) individual fishing quota
(IFQ) transfers. Then, the Council will
be briefed by GARFO on issues related
to the Atlantic Large Whale Take
Reduction Team, the North Atlantic
Right Whale Biological Opinion, and the
timeline for upcoming action. After that,
the Council will discuss and initiate a
framework action to require recreational
charter/party vessels to submit required
vessel trip reports (VTRs) electronically
as eVTRs for all fisheries managed by
the New England Council.
Following the lunch break, the
Council will be presented with and
discuss the Groundfish Catch Share
Program Review Final Report. Then, the
Council will bring up "other business"
and take a short break if time allows.
After that, the Council will conduct a
formal public hearing on Groundfish
Monitoring Amendment 23, which is
under development to improve catch
reporting in the commercial groundfish
fishery. At the conclusion of the
hearing, the Council will close out the
meeting.
Although non-emergency issues not
contained on this agenda may come
before the Council for discussion, those
issues may not be the subject of formal
action during this meeting. Council
action will be restricted to those issues
specifically listed in this notice and any
issues arising after publication of this
notice that require emergency action
under section 305(c) of the Magnuson-Stevens Fishery Conservation and
Management Act, provided the public
has been notified of the Council’s intent
to take final action to address the
emergency. The public also should be
aware that the meeting will be recorded.
Consistent with 16 U.S.C. 1852, a copy
of the recording is available upon
request.
Special Accommodations
This meeting is being conducted
entirely by webinar. Requests for
[Federal Register Volume 85, Number 59 (Thursday, March 26, 2020)]
[Notices]
[Pages 17043-17045]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-06264]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 200313-0079]
National Cybersecurity Center of Excellence (NCCoE) Validating
the Integrity of Computing Devices Building Block
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for the Validating the
Integrity of Computing Devices project. This notice is the initial step
for the National Cybersecurity Center of Excellence (NCCoE) in
collaborating with technology companies to address cybersecurity
challenges identified under the Validating the Integrity of Computing
Devices project. Participation in the building block is open to all
interested organizations.
DATES: Collaborative activities will commence as soon as enough
completed and signed letters of interest have been returned to address
all the necessary components and capabilities, but no earlier than
April 27, 2020.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to
supplychain-nccoe@nist.gov or via hardcopy to National Institute of
Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville,
MD 20850. Organizations whose letters of interest are accepted in
accordance with the process set forth in the SUPPLEMENTARY INFORMATION
section of this notice will be asked to sign a consortium Cooperative
Research and Development Agreement (CRADA) with NIST. An NCCoE
consortium CRADA template can be found at: https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT: Nakia Grayson via email to
supplychain-nccoe@nist.gov; by telephone 301-975-0200 or by mail to
National Institute of Standards and Technology, NCCoE; 9700 Great
Seneca Highway, Rockville, MD 20850. Additional details about the
Validating the Integrity of Computing Devices project are available at
https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
SUPPLEMENTARY INFORMATION: Interested parties must contact NIST to
request a letter of interest template to be completed and submitted to
NIST. Letters of interest will be accepted on a first come, first
served basis. When the building block has been completed, NIST will
post a notice on the NCCoE Validating the Integrity of Computing
Devices website at https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance announcing the completion of the building block
and informing the public that it will no longer accept letters of
interest for this building block.
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) systems. By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security
[[Page 17044]]
capabilities (see below) to enter into a Cooperative Research and
Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for the
Validating the Integrity of Computing Devices project. The full
building block can be viewed at: https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
Interested parties should contact NIST using the information
provided in the FOR FURTHER INFORMATION CONTACT section of this notice.
NIST will then provide each interested party with a letter of interest
template, which the party must complete, certify that it is accurate,
and submit to NIST. NIST will contact interested parties if there are
questions regarding the responsiveness of the letters of interest to
the building block objective or requirements identified below. NIST
will select participants who have submitted complete letters of
interest on a first come, first served basis within each category of
product components or capabilities listed below up to the number of
participants in each category necessary to carry out this building
block. However, there may be continuing opportunity to participate even
after initial activity commences. Selected participants will be
required to enter into a consortium CRADA with NIST (for reference, see
ADDRESSES section above). NIST published a notice in the Federal
Register on October 19, 2012 (77 FR 64314) inviting U.S. companies to
enter into National Cybersecurity Excellence Partnerships (NCEPs) in
furtherance of the NCCoE. For this demonstration project, NCEP partners
will not be given priority for participation.
Building Block Objective: The objective of this project is to
produce example implementations to demonstrate how organizations can
verify that the internal components of their purchased computing
devices are genuine and have not been altered during the manufacturing
and distribution process. Additionally, this project will demonstrate
how to inspect the processes that verify that the components in a
computing device match the attributes and measurements declared by the
manufacturer. This project is intended to help organizations decrease
the risk of a compromise to products in a specific stage of their
supply chain, which may result in risks to the end user. A detailed
description of the Validating the Integrity of Computing Devices
project is available at: https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
Requirements: Each responding organization's letter of interest
should identify which security platform component(s) or capability(ies)
it is offering. Letters of interest should not include company
proprietary information, and all components and capabilities must be
commercially available. Components are listed in section 3 of the
Validating the Computing Devices project description (for reference,
please see the link in the Process section above) and include, but are
not limited to:
     • Computing devices, including laptops, servers, and mobile devices
     • Configuration management software
         ○ vulnerability scanning
         ○ detection
         ○ patch management
         ○ version control
         ○ synchronization
         ○ firmware
     • Asset inventory software
         ○ asset management
         ○ asset discovery
     • Security information and event management (SIEM)
         ○ event detection
         ○ log management
         ○ exfiltration activity
         ○ unauthorized activity
         ○ anomalous activity
     • Certificate authority
Each responding organization's letter of interest should identify
how their products address one or more of the following desired
solution characteristics in section 3 of the Validating the Integrity
of Computing Devices project (for reference, please see the link in the
PROCESS section above):
1. Use verifiable and authentic artifacts that manufacturers
produce during the manufacturing and integration process.
2. Detect malicious component swaps of the computing device.
3. Manage the automation process when accepting the delivery of a
computing device and throughout the operational lifecycle of the
device.
4. Inspect computing devices to verify that the components in a
delivered (or in-use) system computing device match the attributes and
measurements declared by the manufacturer.
Responding organizations need to understand and, in their letters
of interest, commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components.
2. Support for development and demonstration of the Validating the
Integrity of Computing Devices project for multiple sectors in NCCoE
facilities which will be conducted in a manner consistent with the
following standards and guidance: FIPS 200, FIPS 201, SP 800-53, SP
800-147B, SP 800-155 and SP 800-161. Additional details about the
Validating the Integrity of Computing Devices project are available at:
https://www.nccoe.nist.gov/projects/building-blocks/supply-chain-assurance.
NIST cannot guarantee that all of the products proposed by
respondents will be used in the demonstration. Each prospective
participant will be expected to work collaboratively with NIST staff
and other project participants under the terms of the consortium CRADA
in the development of the Validating the Integrity of Computing Devices
project. Prospective participants' contribution to the collaborative
effort will include assistance in establishing the necessary interface
functionality, connection and set-up capabilities and procedures,
demonstration harnesses, environmental and safety conditions for use,
integrated platform user instructions, and demonstration plans and
scripts necessary to demonstrate the desired capabilities. Each
participant will train NIST personnel, as necessary, to operate its
product in capability demonstrations. Following successful
demonstrations, NIST will publish a description of the security
platform and its performance characteristics sufficient to permit other
organizations to develop and deploy security platforms that meet the
security objectives of the Validating the Integrity of Computing
Devices project. These descriptions will be public information.
Under the terms of the consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of the Validating the Integrity of
Computing Devices' capability will be announced on the NCCoE website at
least two weeks in advance at https://nccoe.nist.gov/. The expected
outcome of the demonstration is to improve supply chain assurance
within the enterprise. Participating organizations will gain from the
knowledge that their products are interoperable with other
participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit
[[Page 17045]]
the NCCoE website https://nccoe.nist.gov/.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2020-06264 Filed 3-25-20; 8:45 am]
BILLING CODE 3510-13-P