The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology seeks collaborators to address key security challenges in identity verification and access management for the electric power sector. The center is looking for technology vendors interested in working on a standards-based model solution—a "reference design"—that would demonstrate how companies can control physical and computer network access to resources that range from buildings and equipment to information technology and industrial control systems.
This challenge was described in a recently released Identity Access and Management "use case"—a tool software engineers use to define specific function requirements of a system. The center invited public comment on a draft version of the use case in 2013, and used that input to develop the final version.
The NCCoE addresses businesses' most pressing cybersecurity problems with practical, standards-based demonstrations using commercially available technologies. The reference design developed through this effort will help companies more securely authenticate the individuals and systems to which they are giving access rights. In addition, it should allow them to enforce access control policies (e.g., allow, deny, inquire further) across resources consistently, uniformly and quickly.
The project also will result in a NIST practice guide that includes a materials list and instructions for steps needed to implement the reference design.
Companies interested in participating in the use case should read the Federal Register Notice at https://federalregister.gov/a/2014-05960 for complete details and instructions for requesting a letter of interest template, in which the company must outline its proposed contributions. Those selected to participate will enter into a cooperative research and development agreement with NIST.
To learn more about the NCCoE and how to collaborate on its projects, visit http://nccoe.nist.gov.