Je veux savoir à propos de…

jspears on DSK121TN23PROD with NOTICES1

56254

Federal Register / Vol. 86, No. 193 / Friday, October 8, 2021 / Notices
devices will be involved in data creation, storage, transmission, retention, and destruction, as well as data-centric security management. Some client devices will be managed by the organization. Some will be used by the organizations employees, while others will be used by people from other organizations.
Client Device AppsThe client devices will have commercial-off-theshelf COTS apps used for data lifecycle activities, such as word processing software and email client software.
Additional DevicesExamples of additional types of devices that could be utilized are networked printers and Internet of Things IoT devices.
Network/Infrastructure Devices The architecture will include devices such as firewalls, routers, or switches that are needed for network functionality and network traffic restriction, as well as the software for managing those devices.
Services and ApplicationsThe architecture will include several types of services and applications that are involved in data lifecycle activities for one or more of the scenarios. The following are examples of possible service and application types:
Enterprise Services/Applications:
Email, collaboration, file sharing, web conferencing, file/data backup, code repositories, content management systems.
Data Services/Applications: Data processing, data analytics, artificial intelligence/machine learning services.
Business Services/Applications: A
variety of system-to-system and humanto-system business applications, both COTS and custom-written, including those that produce and/or consume data.
Data Classification SolutionsThe architecture will include several types of components used to perform data classification responsibilities, such as data discovery, inventory, analysis, classification, and labeling.
Each responding organizations letter of interest should identify how its products help address one or more of the following desired security characteristics and properties in section 3 of the Data Classification Practices:
Facilitating Data-Centric Security Management at https
www.nccoe.nist.gov/projects/buildingblocks/data-classification:
All data is discovered and analyzed to determine how it should be classified.
All data classification and data handling ruleset creation, modification, and deletion is restricted to authorized
VerDate Sep<11>2014

17:07 Oct 07, 2021

Jkt 256001

personnel only, with all actions logged and auditable and with all communications protected.
For all data classifications and data handling rulesets, there is a mechanism for verifying the integrity of the policy or ruleset.
Data classification labels or tags are assigned to all data.
For all data classification labels or tags assigned to data, there is a mechanism for verifying the integrity of the label or tag.
In their letters of interest, responding organizations need to acknowledge the importance of and commit to provide:
1. Access for all participants project teams to component interfaces and the organizations experts necessary to make functional connections among security platform components.
2. Support for development and demonstration of the Data Classification Practices: Facilitating Data-Centric Security Management project, which will be conducted in a manner consistent with the following standards and guidance: FIPS 199, NISTIR 8112, FIPS 200, SP 80037, SP 80053, SP
80060, SP 80063, SP 800154, SP
800171, SP 800207, the NIST
Cybersecurity Framework, and the NIST
Privacy Framework.
Additional details about the Data Classification Practices: Facilitating Data-Centric Security Management project are available at https
www.nccoe.nist.gov/projects/buildingblocks/data-classification.
NIST cannot guarantee that all of the products proposed by respondents will be used in the demonstration. Each prospective participant will be expected to work collaboratively with NIST staff and other project participants under the terms of the consortium CRADA in the development of the Data Classification Practices: Facilitating Data-Centric Security Management project.
Prospective participants contribution to the collaborative effort will include assistance in establishing the necessary interface functionality, connection and set-up capabilities and procedures, demonstration harnesses, environmental and safety conditions for use, integrated platform user instructions, and demonstration plans and scripts necessary to demonstrate the desired capabilities. Each participant will train NIST personnel, as necessary, to operate its product in capability demonstrations. Following successful demonstrations, NIST will publish a description of the security platform and its performance characteristics sufficient to permit other organizations to develop and deploy security platforms that meet the security objectives of the Data
PO 00000

Frm 00016

Fmt 4703

Sfmt 4703

Classification Practices: Facilitating Data-Centric Security Management project. These descriptions will be public information.
Under the terms of the consortium CRADA, NIST will support development of interfaces among participants products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration facilities, and staff support to component composition, security platform documentation, and demonstration activities.
The dates of the demonstration of the Data Classification Practices:
Facilitating Data-Centric Security Management project capability will be announced on the NCCoE website at least two weeks in advance at https
nccoe.nist.gov/. The expected outcome will demonstrate how the components of the Data Classification Practices:
Facilitating Data-Centric Security Management project architecture can provide security capabilities to mitigate identified risks related to data throughout its lifecycle. Participating organizations will gain from the knowledge that their products are interoperable with other participants offerings.
For additional information on the NCCoE governance, business processes, and NCCoE operational structure, visit the NCCoE website https
nccoe.nist.gov/.
Alicia Chambers, NIST Executive Secretariat.
FR Doc. 202121979 Filed 10721; 8:45 am BILLING CODE 351013P

DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric Administration RTID 0648XB403

Fisheries of the Caribbean, Gulf of Mexico, and South Atlantic; Exempted Fishing Permit National Marine Fisheries Service NMFS, National Oceanic and Atmospheric Administration NOAA, Commerce.
ACTION: Notice of receipt of an application for an exempted fishing permit; request for comments.
AGENCY:

NMFS announces the receipt of an application for an exempted fishing permit EFP from Dr. Matthew Ajermian of Harbor Branch Oceanographic Institute of Florida Atlantic University FAU. If granted, the EFP would authorize the captain
SUMMARY:

E:FRFM08OCN1.SGM

08OCN1