The National Cybersecurity Center of Excellence (NCCoE) works with industry, academic and government experts to find practical solutions for businesses' most pressing cybersecurity needs. The NCCoE collaborates to build open, standards-based, modular, end-to-end solutions that are broadly applicable and customizable to the needs of individual businesses, and that help businesses more easily comply with applicable standards and regulations.
A "Building Block" is a solution that is relevant to many industry sectors and may be incorporated into multiple use cases for which the NCCoE works to provide solutions.
Continuous Monitoring Building Block:
This workshop will review and conduct a deep dive into the Continuous Monitoring Software Asset Management (SAM) Building Block. The building block proposes techniques for meeting SAM challenges. SAM, as envisioned in this building block, requires a standardized approach that provides an integrated view of software throughout its lifecycle. Such an approach must support the following capabilities:
- Authorization and verification of software installation media
- Software execution authorization
- Publication of installed software inventory
- Software inventory-based network access control
NIST's National Cybersecurity Center of Excellence and Computer Security Division, in collaboration with the Department of Homeland Security, General Services Administration, and National Security Agency, have developed a proposed building block. The authors encourage you to review the document prior to the workshop to facilitate building block discussion and the exchange of ideas.
This workshop is oriented to security researchers, security practitioners, system integrators, and other parties interested in developing solutions that address the following challenges:
- Verifying the identity of the software publisher providing installation media
- Verifying that installation media is authentic and hasn't been tampered with
- Determining what software is installed and in use on a given endpoint device, including legacy and end-of-life products
- Determining, by process of elimination, which software installed on an endpoint device was not deployed using authorized mechanisms
- Restricting execution of software that was not installed using authorized mechanisms
- Identifying the presence of software flaws in installed software
- Determining if patches are installed on an endpoint device or if additional patches need to be deployed to remedy software flaws