Federal Register - October 8, 2021
Versione di testo Cosa è?Dateas è un sito indipendente non affiliato a entità governative. La fonte dei documenti PDF che pubblichiamo qui è l'entità governativa indicata in ciascuno di essi. Le versioni in testo sono trascrizioni che realizziamo per facilitare l'accesso e la ricerca di informazioni, ma possono contenere errori o non essere complete.
Source: Federal Register
Federal Register / Vol. 86, No. 193 / Friday, October 8, 2021 / Notices The NCCoE is located at 9700 Great Seneca Highway, Rockville, MD 20850. Letters of interest must be submitted to data-nccoe@nist.gov or via hardcopy to National Institute of Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville, MD 20850. Interested parties can access the letter of interest template by visiting https www.nccoe.nist.gov/projects/
building-blocks/data-classification and completing the letter of interest webform. NIST will announce the completion of the selection of participants and inform the public that it is no longer accepting letters of interest for this project at https
www.nccoe.nist.gov/projects/buildingblocks/data-classification.
Organizations whose letters of interest are accepted will be asked to sign a consortium Cooperative Research and Development Agreement CRADA with NIST. An NCCoE consortium CRADA
template can be found at: https
nccoe.nist.gov/library/nccoeconsortium-crada-example.
FOR FURTHER INFORMATION CONTACT:
William Newhouse via telephone at 3019750232; by email to data-nccoe@
nist.gov; or by mail to National Institute of Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville, MD 20850. Additional details about the Data Classification Practices:
Facilitating Data-Centric Security Management project are available at https www.nccoe.nist.gov/projects/
building-blocks/data-classification.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE
brings together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology IT systems.
By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT
communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant security capabilities see below to enter into a Cooperative Research and Development Agreement CRADA to provide products and technical expertise to support and demonstrate security
jspears on DSK121TN23PROD with NOTICES1
ADDRESSES:
VerDate Sep<11>2014
17:07 Oct 07, 2021
Jkt 256001
platforms for the Data Classification Practices: Facilitating Data-Centric Security Management project. The full project can be viewed at: https
www.nccoe.nist.gov/projects/buildingblocks/data-classification.
Interested parties can access the template for a letter of interest by visiting the project website at https
www.nccoe.nist.gov/projects/buildingblocks/data-classification and completing the letter of interest webform. On completion of the webform, interested parties will receive access to the letter of interest template, which the party must complete, certify as accurate, and submit to NIST by email or hardcopy. NIST will contact interested parties if there are questions regarding the responsiveness of the letters of interest to the project objective or requirements identified below. NIST
will select participants who have submitted complete letters of interest on a first come, first served basis within each category of product components or capabilities listed below up to the number of participants in each category necessary to carry out this project.
When the project has been completed, NIST will post a notice on the Data Classification Practices: Facilitating Data-Centric Security Management project website at https
www.nccoe.nist.gov/projects/buildingblocks/data-classification announcing the completion of the project and informing the public that it will no longer accept letters of interest for this project. Completed letters of interest should be submitted to NIST and will be accepted on a first come, first served basis. There may be continuing opportunity to participate even after initial activity commences for participants who were not selected initially or have submitted the letter of interest after the selection process.
Selected participants will be required to enter into a consortium CRADA with NIST for reference, see ADDRESSES
section above.
Project Objective: Data-centric security management aims to enhance protection of information data regardless of where the data resides or with whom it is shared. This requires that organizations know what data they have, what its characteristics are, and what security and privacy requirements it needs to meet so the necessary protections can be achieved.
Standardized mechanisms for communicating data characteristics and protection requirements are needed to support zero trust architectures by making data-centric security management feasible at scale.
PO 00000
Frm 00015
Fmt 4703
Sfmt 4703
56253
The projects objective is to develop technology-agnostic recommended practices for defining data classifications and data handling rulesets and for communicating them to others. This project will inform, and may identify opportunities to improve, existing cybersecurity and privacy risk management processes by helping with communicating data classifications and data handling rulesets. It will not replace current risk management practices, laws, regulations, or mandates. The project will define the approach for the solution, independent of the supporting technologies, services, architectures, operational environments, etc. As part of this, a proof-of-concept implementation of the defined approach will be attempted. The proof-of-concept will include limited data discovery, analysis, classification, and labeling capabilities, as well as a rudimentary method for expressing how data with a particular label should be handled for each use case scenario. In support of this phase of the project, basic terminology and concepts will be defined based on existing practices and guidance to provide a common language for discussing data classification. The proposed proof-of-concept solutions will integrate commercial and open source products that leverage cybersecurity standards and recommended practices to demonstrate the use case scenarios detailed in the Data Classification Practices:
Facilitating Data-Centric Security Management project description available at: https www.nccoe.nist.gov/
projects/building-blocks/dataclassification. This project will result in a publicly available NIST Cybersecurity Practice Guide as a Special Publication 1800 series, a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.
Requirements for Letters of Interest:
Each responding organizations letter of interest should identify which security platform components or capabilityies it is offering. Letters of interest should not include company proprietary information, and all components and capabilities must be commercially available. Components are listed in section 3 of the Data Classification Practices: Facilitating Data-Centric Security Management project description at https
www.nccoe.nist.gov/projects/buildingblocks/data-classification and include, but are not limited to:
Core Components:
Endpoints:
Client DevicesVarious PCs desktops or laptops and mobile
E:FRFM08OCN1.SGM
08OCN1
