80 FR 18198 - National Cybersecurity Center of Excellence Access Rights Management Use Case for the Financial Services Sector
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology Federal Register Volume 80, Issue 64 (April 3, 2015)
National Institute of Standards and Technology
Federal Register Volume 80, Issue 64 (April 3, 2015)
| Page Range | 18198-18200 | |
| FR Document | 2015-07590 |
[Federal Register Volume 80, Number 64 (Friday, April 3, 2015)] [Notices] [Pages 18198-18200] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2015-07590] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No.: 150318278-5278-01] National Cybersecurity Center of Excellence Access Rights Management Use Case for the Financial Services Sector AGENCY: National Institute of Standards and Technology, Department of Commerce. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for access rights management for the financial services sector. This notice is the initial step for the National Cybersecurity Center of Excellence (NCCoE) in collaborating with technology companies to address cybersecurity challenges identified under the financial services sector program. Participation in the use case is open to all interested organizations. DATES: Interested parties must contact NIST to request a letter of interest template. Letters of interest will be accepted on a first come, first served basis. Collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than May 4, 2015. When the use case has been completed, NIST will post a notice on the NCCoE financial services sector program Web site at http://nccoe.nist.gov/financial-services announcing the completion of the use case and informing the public that it will no longer accept letters of interest for this use case. ADDRESSES: The NCCoE is located at 9600 Gudelsky Drive, Rockville, MD 20850. Letters of interest must be submitted to financial_NCCoE@nist.gov or via hardcopy to National Institute of Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850. Organizations whose letters of interest are accepted in accordance with the Process set forth in the SUPPLEMENTARY INFORMATION section of this notice will be asked to sign a Cooperative Research and Development Agreement (CRADA) with NIST. A CRADA template can be found at: http://nccoe.nist.gov/node/138. FOR FURTHER INFORMATION CONTACT: Michael Stone via email at financial_NCCoE@nist.gov; or telephone 240-314- [[Page 18199]] 6813; National Institute of Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850. Additional details about the Financial Services Sector program are available at http://nccoe.nist.gov/financial-services. SUPPLEMENTARY INFORMATION: Background: The NCCoE, part of NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE brings together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology (IT) systems. By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cybersecurity products and services. Process: NIST is soliciting responses from all sources of relevant security capabilities (see below) to enter into a Cooperative Research and Development Agreement (CRADA) to provide products and technical expertise to support and demonstrate security platforms for the Access Rights Management use case for the Financial Services Sector. The full use case can be viewed at: http://nccoe.nist.gov/sites/default/files/NCCoE_FS_Use_Case_IDAM_FinalDraft_20140501.pdf. Interested parties should contact NIST using the information provided in the FOR FURTHER INFORMATION CONTACT section of this notice. NIST will then provide each interested party with a letter of interest template, which the party must complete, certify that it is accurate, and submit to NIST. NIST will contact interested parties if there are questions regarding the responsiveness of the letters of interest to the use case objective or requirements identified below. NIST will select participants who have submitted complete letters of interest on a first come, first served basis within each category of product components or capabilities listed below up to the number of participants in each category necessary to carry out this use case. However, there may be continuing opportunity to participate even after initial activity commences. Selected participants will be required to enter into a consortium CRADA with NIST. NIST published a notice in the Federal Register on October 19, 2012 (77 FR 64314) inviting U.S. companies to enter into National Cybersecurity Excellence Partnerships (NCEPs) in furtherance of the NCCoE. For this demonstration project, NCEP partners will not be given priority for participation. Use Case Objective: The goal of this project is to demonstrate ways to link together the management of existing disparate identity and access mechanisms and systems into a comprehensive identity and access management (IDAM) system. This will enable financial sector entities to centrally issue, validate, and modify or revoke access rights for their entire enterprise based on easy-to-understand business rules. This IDAM system will abstract, unify, and simplify the complex task of dealing with multiple types of access systems, such as Windows Active Directory, Unix/Linux, Resource Access Control Facility (RACF), automatic class selection (ACS2) and myriad legacy and internally developed application-specific mechanisms. This IDAM system will also produce consolidated reports and statistics so that administrators and managers can make accurate risk management decisions. This IDAM system will, at a minimum, automate the monitoring and analysis of identity related activities in a manner that enables administrators and managers to make timely and informed risk management decisions. Requirements: Each responding organization's letter of interest should identify which security platform components or capabilities it is offering. Components are listed in section six (for reference, please see link in PROCESS section above) of the Access Rights Management for the Financial Services Sector use case and include, but are not limited to:Mainframe (may be simulated or remotely accessed) such as RACF Representative ``homemade'' financial sector application(s) with internal user access database and logging system Each responding organization's letter of interest should identify how their products address one or more of the following desired solution characteristics in section two (for reference, please see link in PROCESS section above) of the Access Rights Management for the Financial Services Sector use case: 1. Is a single system that is capable of interacting with multiple existing accesses 2. Has management systems to provide a complete picture of access rights within the organization 3. Complements, and does not replace, existing security infrastructure 4. Utilizes secure communications among all components 5. Automates logging, reporting and alerting of identity and access management events across the enterprise 6. Can be queried for information (ad-hoc reporting) in order to answer management, performance and security questions (i.e. show all activity for a given user in a certain time period) 7. Does not introduce new attack vectors into existing systems 8. Supports multiple access levels for the IDAM system (e.g. administrator, operator, viewer) 9. Provides fine-grain privilege controls (e.g. groups, users, directory, file, and record) 10. Provides the ability to attach expiration dates/time limits on access controls 11. Provides the ability to map user's access requests via ``service'' account access Responding organizations need to understand and, in their letters of interest, commit to provide: 1. Access for all participants' project teams to component interfaces and the organization's experts necessary to make functional connections among security platform components 2. Support for development and demonstration of the Access Rights Management use case for the Financial Services Sector in NCCoE facilities which will be conducted in a manner consistent with Federal requirements (e.g., FIPS 200, FIPS 201, SP 800-53, and SP 800-63) Additional details about the Access Rights Management for the Financial Services sector use case are available at: http://nccoe.nist.gov/sites/default/files/NCCoE_FS_Use_Case_IDAM_FinalDraft_20140501.pdf. NIST cannot guarantee that all of the products proposed by respondents will be used in the demonstration. Each prospective participant will be expected to work collaboratively with NIST staff and other project participants under the terms of the consortium agreement in the development of the Access Rights Management for the Financial Services sector capability. Prospective participants' contribution to the collaborative effort will include assistance in establishing the necessary interface functionality, connection and set- up capabilities and procedures, demonstration harnesses, environmental and safety conditions for use, integrated [[Page 18200]] platform user instructions, and demonstration plans and scripts necessary to demonstrate the desired capabilities. Each prospective participant will train NIST personnel as necessary, to operate its product in capability demonstrations to the financial services community. Following successful demonstrations, NIST will publish a description of the security platform and its performance characteristics sufficient to permit other organizations to develop and deploy security platforms that meet the security objectives of the Access Rights Management for the Financial Services sector use case. These descriptions will be public information. Under the terms of the consortium agreement, NIST will support development of interfaces among participants' products by providing IT infrastructure, laboratory facilities, office facilities, collaboration facilities, and staff support to component composition, security platform documentation, and demonstration activities. The dates of the demonstration of the Access Rights Management for the Financial Services sector capability will be announced on the NCCoE Web site at least two weeks in advance at http://nccoe.nist.gov/. The expected outcome of the demonstration is to improve access rights management across an entire financial services sector enterprise. Participating organizations will gain from the knowledge that their products are interoperable with other participants' offerings. For additional information on the NCCoE governance, business processes, and NCCoE operational structure, visit the NCCoE Web site http://nccoe.nist.gov/. Richard Cavanagh, Acting Associate Director for Laboratory Programs. [FR Doc. 2015-07590 Filed 4-2-15; 8:45 am] BILLING CODE 3510-13-P
![18198 Federal Register / Vol. 80, No. 64 / Friday, April 3, 2015 / Notices
and state export assistance programs; collects harvest and production DEPARTMENT OF COMMERCE
invoicing (billing) foreign buyers; information broken out by specific
collecting (letters of credit and other criteria such as gear type, area, delivery National Institute of Standards and
financial instruments) payment for and product type, and pounds and Technology
Products; and arranging for payment of value. The COAR is due by April 1 of [Docket No.: 150318278–5278–01]
applicable commissions and fees. the year following any buying or
Export Markets processing activity. National Cybersecurity Center of
Any person or company who received Excellence Access Rights
The Export Markets include all parts Management Use Case for the
of the world except the United States a Fisheries Business License from the
Financial Services Sector
(the fifty states of the United States, the Alaska Department of Revenue and an
District of Columbia, the Intent to Operate Permit by Alaska AGENCY: National Institute of Standards
Commonwealth of Puerto Rico, the Department of Fish and Game (ADF&G) and Technology, Department of
Virgin Islands, American Samoa, Guam, is required to annually submit the Commerce.
the Commonwealth of the Northern COAR to the State of Alaska, Alaska ACTION: Notice.
Mariana Islands, and the Trust Territory Department of Fish and Game (ADF&G),
of the Pacific Islands). under Alaska Administrative Code SUMMARY: The National Institute of
(AAC), chapter 5 AAC 39.130. In Standards and Technology (NIST)
Export Trade Activities and Methods of invites organizations to provide
Operations addition, any person or company who
receives an Exclusive Economic Zone products and technical expertise to
To engage in Export Trade in the (EEZ)-only permit from ADF&G support and demonstrate security
Export Markets, WJIR may provide and/ platforms for access rights management
annually must submit a COAR to
or arrange for the provision of Export for the financial services sector. This
ADF&G. Any owner of a catcher/
Trade Facilitation Services. notice is the initial step for the National
processor or mothership with a Federal
Cybersecurity Center of Excellence
Definition permit operating in the EEZ off Alaska (NCCoE) in collaborating with
‘‘Supplier’’ means a person who is required to annually submit a COAR technology companies to address
produces, provides, or sells Products, to ADF&G under 50 CFR part 679.5(p). cybersecurity challenges identified
Services, and/or Technology Rights. The COAR provides information on under the financial services sector
Dated: March 31, 2015. ex-vessel and first wholesale values for program. Participation in the use case is
Joseph Flynn, statewide fish and shellfish products. open to all interested organizations.
Director, Office of Trade and Economic
Containing information from shoreside DATES: Interested parties must contact
Analysis, International Trade Administration. processors, stationary floating NIST to request a letter of interest
[FR Doc. 2015–07717 Filed 4–2–15; 8:45 am]
processors, motherships, and catcher/ template. Letters of interest will be
processors, this data collection yields accepted on a first come, first served
BILLING CODE 3510–DR–P
equivalent annual product value basis. Collaborative activities will
information for all respective processing commence as soon as enough completed
DEPARTMENT OF COMMERCE sectors and provides a consistent time and signed letters of interest have been
series according to which groundfish returned to address all the necessary
National Oceanic and Atmospheric resources may be managed more components and capabilities, but no
Administration efficiently. earlier than May 4, 2015. When the use
case has been completed, NIST will post
Submission for OMB Review; Affected Public: Business or other for- a notice on the NCCoE financial services
Comment Request profit organizations. sector program Web site at http://
Frequency: Annually. nccoe.nist.gov/financial-services
The Department of Commerce will
Respondent’s Obligation: Mandatory. announcing the completion of the use
submit to the Office of Management and
case and informing the public that it
Budget (OMB) for clearance the This information collection request will no longer accept letters of interest
following proposal for collection of may be viewed at reginfo.gov. Follow for this use case.
information under the provisions of the the instructions to view Department of
Paperwork Reduction Act (44 U.S.C. ADDRESSES: The NCCoE is located at
Commerce collections currently under
Chapter 35). 9600 Gudelsky Drive, Rockville, MD
review by OMB. 20850. Letters of interest must be
Agency: National Oceanic and
Atmospheric Administration (NOAA). Written comments and submitted to financial_NCCoE@nist.gov
Title: Alaska Commercial Operator’s recommendations for the proposed or via hardcopy to National Institute of
Annual Report (COAR). information collection should be sent Standards and Technology, NCCoE;
OMB Control Number: 0648–0428. within 30 days of publication of this 9600 Gudelsky Drive; Rockville, MD
Form Number(s): None. notice to OIRA_Submission@ 20850. Organizations whose letters of
Type of Request: Regular (extension of omb.eop.gov or fax to (202) 395–5806. interest are accepted in accordance with
a currently approved information the Process set forth in the
Dated: March 30, 2015.
collection). SUPPLEMENTARY INFORMATION section of
asabaliauskas on DSK5VPTVN1PROD with NOTICES
Sarah Brabson, this notice will be asked to sign a
Number of Respondents: 179.
Average Hours per Response: 8 hours. NOAA PRA Clearance Officer. Cooperative Research and Development
Burden Hours: 1,432. [FR Doc. 2015–07585 Filed 4–2–15; 8:45 am] Agreement (CRADA) with NIST. A
Needs and Uses: This request is for BILLING CODE 3510–22–P CRADA template can be found at:
extension of a currently approved http://nccoe.nist.gov/node/138.
information collection. FOR FURTHER INFORMATION CONTACT:
The Alaska Commercial Operator’s Michael Stone via email at financial_
Annual Report (COAR) is a report that NCCoE@nist.gov; or telephone 240–314–
VerDate Sep<11>2014 17:49 Apr 02, 2015 Jkt 235001 PO 00000 Frm 00011 Fmt 4703 Sfmt 4703 E:\FR\FM\03APN1.SGM 03APN1](https://thefederalregister.org/doc/80_FR_18262/page/1.svg)
![18200 Federal Register / Vol. 80, No. 64 / Friday, April 3, 2015 / Notices
platform user instructions, and address areas such as data management Administration, 1401 Constitution Ave.
demonstration plans and scripts practices; common, open data NW., Washington, DC 20230. Such
necessary to demonstrate the desired standards; policy issues related to submissions will be included in the
capabilities. Each prospective privacy, latency, and consistency; record for the meeting if received by
participant will train NIST personnel as effective models for public-private Friday, April 17, 2015.
necessary, to operate its product in partnership; external uses of Commerce The meeting is physically accessible
capability demonstrations to the data; and, methods to build new to persons with disabilities. Requests for
financial services community. feedback loops between the Department sign language interpretation or other
Following successful demonstrations, and data users. The CDAC will meet in auxiliary aids should be directed to the
NIST will publish a description of the a plenary session on April 23–24, 2015. Director of External Communication as
security platform and its performance Last-minute changes to the schedule are soon as possible, preferably two weeks
characteristics sufficient to permit other possible, which could prevent giving prior to the meeting. If you plan to
organizations to develop and deploy advance public notice of schedule attend the meeting, please register by
security platforms that meet the security adjustments. Monday, April 20, 2015. You may
objectives of the Access Rights DATES: April 23–24, 2015. On April 23, access the online registration from the
Management for the Financial Services the meeting will begin at approximately following link: https://
sector use case. These descriptions will 12:00 p.m. and end at approximately www.regonline.com/cdac_april_2015_
be public information. Under the terms 5:00 p.m. On April 24, the meeting will meeting.
of the consortium agreement, NIST will begin at approximately 9:00 a.m. and Seating is available to the public on
support development of interfaces end at approximately 1:00 p.m. a first-come, first-served basis.
among participants’ products by ADDRESSES: The meeting will be held at Dated: March 30, 2015.
providing IT infrastructure, laboratory Google Washington, DC, 25 Austin Durrer,
facilities, office facilities, collaboration Massachusetts Avenue NW., Suite 900, Chief of Staff for Under Secretary for
facilities, and staff support to Washington, DC 20001. Economic Affairs, Economics and Statistics
component composition, security FOR FURTHER INFORMATION CONTACT: Administration.
platform documentation, and Burton Reist, BReist@doc.gov Director of [FR Doc. 2015–07773 Filed 4–2–15; 8:45 am]
demonstration activities. External Communication and DFO, BILLING CODE P
The dates of the demonstration of the CDAC, Department of Commerce,
Access Rights Management for the Economics and Statistics
Financial Services sector capability will Administration, 1401 Constitution Ave. DEPARTMENT OF COMMERCE
be announced on the NCCoE Web site NW., Washington, DC 20230, telephone
at least two weeks in advance at (202) 482–3331. International Trade Administration
http://nccoe.nist.gov/. The expected
SUPPLEMENTARY INFORMATION: The CDAC
outcome of the demonstration is to
comprises as many as 20 members. The [A–570–932]
improve access rights management
Committee provides an organized and
across an entire financial services sector Steel Threaded Rod From the People’s
continuing channel of communication
enterprise. Participating organizations between recognized experts in the data Republic of China: Notice of Court
will gain from the knowledge that their industry (collection, compilation, Decision Not in Harmony With the
products are interoperable with other analysis, dissemination and privacy Final Results of Scope Ruling on
participants’ offerings. protection) and the Department of Antidumping Duty Order and Notice of
For additional information on the Amended Final Results of Scope
Commerce. The CDAC provides advice
NCCoE governance, business processes, Ruling on Antidumping Duty Order
and recommendations, to include
and NCCoE operational structure, visit
process and infrastructure
the NCCoE Web site http:// AGENCY: Enforcement and Compliance,
improvements, to the Secretary, DOC
nccoe.nist.gov/. International Trade Administration,
and the DOC data-bureau leadership on
Department of Commerce.
Richard Cavanagh, ways to make Commerce data easier to
Acting Associate Director for Laboratory find, access, use, combine and SUMMARY: On September 22, 2014, the
Programs. disseminate. The aim of this advice United States Court of Appeals for the
[FR Doc. 2015–07590 Filed 4–2–15; 8:45 am] shall be to maximize the value of Federal Circuit (CAFC) issued a
BILLING CODE 3510–13–P Commerce data to all users including decision that engineered steel coil rod
governments, businesses, communities, (coil rod) imported by A.L. Patterson,
academia, and individuals. Inc. (Patterson) was outside the scope of
DEPARTMENT OF COMMERCE The Committee meeting is in the antidumping duty order on certain
accordance with the Federal Advisory steel threaded rod from the People’s
Economics and Statistics Committee Act (Title 5, United States Republic of China on threaded rod from
Administration Code, Appendix 2, Section 10(a)(b)). the PRC.1 On December 29, 2014, the
All meetings are open to the public. United States Court of International
Commerce Data Advisory Council A brief period will be set aside at the Trade (CIT or Court) issued an order for
Meeting meeting for public comment on April the Department to take action on
24, 2015. However, individuals with remand in accordance with the CAFC’s
asabaliauskas on DSK5VPTVN1PROD with NOTICES
AGENCY: Economic and Statistics
Administration, Department of extensive questions or statements must decision and to find that Patterson’s
Commerce. submit them in writing to: engineered steel coil rod is outside the
ACTION: Notice of public meeting. DataAdvisoryCouncil@doc.gov (subject
line ‘‘APRIL 2015 CDAC Meeting Public 1 See A.L. Patterson, Inc., v. United States, 585
SUMMARY: The Economic and Statistics Comment’’), or by letter submission to Fed. Appx. 778, 785–86 (Fed. Cir. 2014) (Patterson
CAFC 2014); see also Certain Steel Threaded Rod
Administration (ESA) is giving notice of the Director of External Communication from the People’s Republic of China: Notice of
a meeting of Commerce Data Advisory and DFO, CDAC, Department of Antidumping Duty Order, 74 FR 17154 (April 4,
Council (CDAC). The CDAC will Commerce, Economics and Statistics 2009) (AD Order).
VerDate Sep<11>2014 17:49 Apr 02, 2015 Jkt 235001 PO 00000 Frm 00013 Fmt 4703 Sfmt 4703 E:\FR\FM\03APN1.SGM 03APN1](https://thefederalregister.org/doc/80_FR_18262/page/3.svg)
Document Created: 2015-12-18 15:29:23
Document Modified: 2015-12-18 15:29:23
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice. | |
| Dates | Interested parties must contact NIST to request a letter of interest template. Letters of interest will be accepted on a first come, first served basis. Collaborative activities will commence as soon as enough completed and signed letters of interest have been | |
| Contact | Michael Stone via email at [email protected]; or telephone 240-314- 6813; National Institute of Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850. Additional details about the Financial Services Sector program are available at http:// nccoe.nist.gov/financial-services. | |
| FR Citation | 80 FR 18198 |
2024 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR