80 FR 48821 - National Cybersecurity Center of Excellence, Attribute Based Access Control Building Block
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology Federal Register Volume 80, Issue 157 (August 14, 2015)
National Institute of Standards and Technology
Federal Register Volume 80, Issue 157 (August 14, 2015)
| Page Range | 48821-48823 | |
| FR Document | 2015-20041 |
[Federal Register Volume 80, Number 157 (Friday, August 14, 2015)] [Notices] [Pages 48821-48823] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2015-20041] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket Number: 150508436-5436-01] National Cybersecurity Center of Excellence, Attribute Based Access Control Building Block AGENCY: National Institute of Standards and Technology, Department of Commerce. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Attribute Based Access Control Building Block. This notice is the initial step for the National Cybersecurity Center of Excellence (NCCoE) in collaborating with technology companies to address cybersecurity challenges identified under the Attribute Based Access Control Building Block. Participation in the building block is open to all interested organizations. DATES: Interested parties must contact NIST to request a letter of interest template to be completed and submitted to NIST that identifies the organization requesting participation in the Attribute Based Access Control Building Block and the capabilities and components that are being offered to the collaborative effort. Letters of interest will be accepted on a first come, first served basis. Collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than September 14, 2015. When the building block has been completed, NIST will post a notice on the NCCoE Attribute Based Access Control Building Block Web site at http://nccoe.nist.gov/content/attribute-based-access-control announcing the completion of the building block and informing the public that it will no longer accept letters of interest for this building block. ADDRESSES: The NCCoE is located at 9600 Gudelsky Drive, Rockville, MD 20850. Letters of interest must be submitted to [email protected] or via hardcopy to National Institute of Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850. Organizations whose letters of interest are accepted in accordance with the process set forth in the SUPPLEMENTARY INFORMATION section of [[Page 48822]] this notice will be asked to sign a Cooperative Research and Development Agreement (CRADA) with NIST. A CRADA template can be found at: http://nccoe.nist.gov/node/138. FOR FURTHER INFORMATION CONTACT: Bill Fisher via email at to [email protected], by telephone 240-314-6838; or by mail to National Institute of Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850. Additional details about the Attribute Based Access Control Building Block are available at http://nccoe.nist.gov/content/attribute-based-access-control. SUPPLEMENTARY INFORMATION: Background The NCCoE, part of NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE brings together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology (IT) systems. By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cybersecurity products and services. Process NIST is soliciting responses from all sources of relevant security capabilities (see below) to enter into a Cooperative Research and Development Agreement (CRADA) to provide products and technical expertise to support and demonstrate security platforms for the Attribute Based Access Control Building Block. The full building block can be viewed at: http://nccoe.nist.gov/content/attribute-based-access-control. Interested parties should contact NIST using the information provided in the FOR FURTHER INFORMATION CONTACT section of this notice. NIST will then provide each interested party with a letter of interest template, which the party must complete, certify that it is accurate, and submit to NIST and which identifies the organization requesting participation in the Attribute Based Access Control Building Block and the capabilities and components that are being offered to the collaborative effort. NIST will contact interested parties if there are questions regarding the responsiveness of the letters of interest to the building block objective or requirements identified below and to obtain additional information. NIST will select participants who have submitted complete letters of interest on a first come, first served basis within each category of product components or capabilities listed below up to the number of participants in each category necessary to carry out the Attribute Based Access Control Building Block. However, there may be continuing opportunity to participate even after initial activity commences. Selected participants will be required to enter into a consortium CRADA with NIST (for reference, see ADDRESSES section above). NIST published a notice in the Federal Register on October 19, 2012 (77 FR 64314) inviting U.S. companies to enter into National Cybersecurity Excellence Partnerships (NCEPs) in furtherance of the NCCoE. For this demonstration project, NCEP partners will not be given priority for participation. Building Block Objective Enterprises face the continual challenge of providing access control mechanisms for subjects requesting access to corporate resources (e.g. applications, networks, systems and data). Authentication is required for a diverse set of subjects, who may be known or unknown to the enterprise, and may present the organization with differing credentials. Once authenticated, enterprises require a strong authorization system that enables fine-grain access decisions based on a range of users, resources, and environmental conditions. These challenges, combined with the growth and distributed nature of enterprise resources, as well as the need to share information among stakeholders that are not managed directly by the enterprise, has spawned the demand for highly flexible access control mechanisms. This building block will use commercially available technologies to demonstrate an enterprise Attribute Based Access Control implementation that makes run-time authorization decisions and enforces a rich set of access control policies consistently across an enterprise (or enterprises). Information about a subject, the resource being accessed, and the environmental context at the time of attempted access shall form the basis for access control decisions, rather than pre- provisioned privileges within individual systems. Through the use of an attribute exchange platform, this project will exhibit a federated access control environment, allowing for the secure sharing of IT resources across multiple enterprises. In this manner, enterprises enable unanticipated, yet valid, federated identities to gain access, without the traditional challenge of waiting for identity provisioning or authorization approvals. A detailed description of the Attribute Based Access Control Building Block are available at: http://nccoe.nist.gov/content/attribute-based-access-control. Requirements Each responding organization's letter of interest should identify which security platform component(s) or capability(ies) it is offering. Letters of interest should not include company proprietary information, and all components and capabilities must be commercially available. Components are listed in section ten of the Attribute Based Access Control Building Block (for reference, please see the link in the PROCESS section above) and include, but are not limited to:Identity management software that includes functions like: Account provisioning, de-provisioning and directory services Platform for exchanging attributes Federation server Databases for policy database, identity store, subject attribute repository, object and attribute repository Policy server, to serve as the policy administration point Access management system, which may include the policy decision point, policy enforcement point and context handler Authentication server and components supporting two factor authentication Cryptographic means to protect subject privacy during interactions between RPs, IDPs, APs and the attribute exchange platform. Each responding organization's letter of interest should identify how their product(s) address one or more of the desired solution characteristics in section five of the Attribute Based Access Control Building Block description (for reference, please see link in PROCESS section above). Additional details about the Attribute Based Access Control Building Block are available at: http://nccoe.nist.gov/content/attribute-based-access-control. NIST cannot guarantee that all of the products proposed by respondents will be used in the demonstration. Each prospective participant will be expected to work collaboratively with NIST staff and other project participants under the terms of the consortium CRADA in the development of the Attribute Based [[Page 48823]] Access Control Building Block. Prospective participants' contribution to the collaborative effort will include assistance in establishing the necessary interface functionality, connection and set-up capabilities and procedures, demonstration harnesses, environmental and safety conditions for use, integrated platform user instructions, and demonstration plans and scripts necessary to demonstrate the desired capabilities. Each participant will train NIST personnel, as necessary, to operate its product in capability demonstrations. Following successful demonstrations, NIST will publish a description of the security platform and its performance characteristics sufficient to permit other organizations to develop and deploy security platforms that meet the security objectives of the Attribute Based Access Control Building Block. These descriptions will be public information. Under the terms of the consortium CRADA, participants will commit to providing: 1. Access for all participants' project teams to component interfaces and the organization's experts necessary to make functional connections among security platform components 2. Support for development and demonstration of the Attribute Based Access Control Building Block in NCCoE facilities which will be conducted in a manner consistent with Federal requirements (e.g., FIPS 200, FIPS 201, SP 800-53, and SP 800-63) In addition, NIST will support development of interfaces among participants' products by providing IT infrastructure, laboratory facilities, office facilities, collaboration facilities, and staff support to component composition, security platform documentation, and demonstration activities. The dates of the demonstration of the Attribute Based Access Control Building Block capability will be announced on the NCCoE Web site at least two weeks in advance at http://nccoe.nist.gov/. The expected outcome of the demonstration is to improve Attribute Based Access Control within the enterprise. Participating organizations will gain from the knowledge that their products are interoperable with other participants' offerings. For additional information on the NCCoE governance, business processes, and NCCoE operational structure, visit the NCCoE Web site http://nccoe.nist.gov/. Richard Cavanagh, Acting Associate Director for Laboratory Programs. [FR Doc. 2015-20041 Filed 8-13-15; 8:45 am] BILLING CODE 3510-13-P
![Federal Register / Vol. 80, No. 157 / Friday, August 14, 2015 / Notices 48821
XI. Calculation of the All Others Rate submission of LoIs, NIST invites DEPARTMENT OF COMMERCE
XII. ITC Notification companies with relevant technology to
XIII. Disclosure and Public Comment enter into a Collaborative Research and National Institute of Standards and
XIV. Verification Technology
Recommendation Development Agreement (CRADA) with
[FR Doc. 2015–20124 Filed 8–13–15; 8:45 am] NIST. [Docket Number: 150508436–5436–01]
BILLING CODE 3510–DS–P II. Method of Collection
National Cybersecurity Center of
Upon request, submitters are provided Excellence, Attribute Based Access
DEPARTMENT OF COMMERCE with questions in an electronic Control Building Block
document that can be filled in, signed, AGENCY: National Institute of Standards
National Institute of Standards and and submitted via mail or electronic
Technology and Technology, Department of
mail. Commerce.
Proposed Information Collection; III. Data ACTION: Notice.
Comment Request; National
Cybersecurity Center of Excellence OMB Control Number: 0693–XXXX. SUMMARY: The National Institute of
Participant Letter of Interest Form Number(s): None. Standards and Technology (NIST)
invites organizations to provide
AGENCY: National Institute of Standards Type of Review: New Information products and technical expertise to
and Technology (NIST), Department of Collection. support and demonstrate security
Commerce. Affected Public: Businesses or other platforms for the Attribute Based Access
ACTION: Notice. for profit. Control Building Block. This notice is
the initial step for the National
SUMMARY: The Department of Estimated Number of Respondents:
Cybersecurity Center of Excellence
Commerce, as part of its continuing 100 per year.
(NCCoE) in collaborating with
effort to reduce paperwork and Estimated Time per Response: 30 technology companies to address
respondent burden, invites the general minutes. cybersecurity challenges identified
public and other Federal agencies to under the Attribute Based Access
take this opportunity to comment on Estimated Total Annual Burden
Hours: 50 hours. Control Building Block. Participation in
proposed and/or continuing information the building block is open to all
collections, as required by the Estimated Total Annual Cost to interested organizations.
Paperwork Reduction Act of 1995. Public: $0.
DATES: Interested parties must contact
DATES: Written comments must be
IV. Request for Comments NIST to request a letter of interest
submitted on or before October 13, template to be completed and submitted
2015. Comments are invited on: (a) Whether to NIST that identifies the organization
ADDRESSES: Direct all written comments the proposed collection of information requesting participation in the Attribute
to Jennifer Jessup, Departmental is necessary for the proper performance Based Access Control Building Block
Paperwork Clearance Officer, of the functions of the agency, including and the capabilities and components
Department of Commerce, Room 6616, whether the information shall have that are being offered to the
14th and Constitution Avenue NW., practical utility; (b) the accuracy of the collaborative effort. Letters of interest
Washington, DC 20230 (or via the agency’s estimate of the burden will be accepted on a first come, first
Internet at JJessup@doc.gov). (including hours and cost) of the served basis. Collaborative activities
FOR FURTHER INFORMATION CONTACT: proposed collection of information; (c) will commence as soon as enough
Requests for additional information or ways to enhance the quality, utility, and completed and signed letters of interest
copies of the information collection clarity of the information to be have been returned to address all the
instrument and instructions should be collected; and (d) ways to minimize the necessary components and capabilities,
directed to Lucy Salah, 9600 Gudelsky burden of the collection of information but no earlier than September 14, 2015.
Dr., Rockville, MD 20850 or on respondents, including through the When the building block has been
Lucy.Salah@nist.gov. use of automated collection techniques completed, NIST will post a notice on
SUPPLEMENTARY INFORMATION: or other forms of information the NCCoE Attribute Based Access
technology. Control Building Block Web site at
I. Abstract http://nccoe.nist.gov/content/attribute-
Comments submitted in response to based-access-control announcing the
In order to fulfill its core mission, the
this notice will be summarized and/or completion of the building block and
National Cybersecurity Center of
Excellence (NCCoE) publishes included in the request for OMB informing the public that it will no
announcements in the Federal Register approval of this information collection; longer accept letters of interest for this
of new collaborative projects to address they also will become a matter of public building block.
cybersecurity challenges. In response to record. ADDRESSES: The NCCoE is located at
these announcements, technology Dated: August 10, 2015. 9600 Gudelsky Drive, Rockville, MD
vendors are invited to submit Letters of 20850. Letters of interest must be
asabaliauskas on DSK5VPTVN1PROD with NOTICES
Glenna Mickelson,
Interest (LoI) for technologies relevant to Management Analyst, Office of the Chief
submitted to abac-nccoe@nist.gov or via
the challenge. These letters specify the Information Officer. hardcopy to National Institute of
product(s) that the potential collaborator [FR Doc. 2015–20015 Filed 8–13–15; 8:45 am]
Standards and Technology, NCCoE;
is submitting for consideration, how the 9600 Gudelsky Drive; Rockville, MD
BILLING CODE 3510–13–P
product(s) address(es) one or more of 20850. Organizations whose letters of
the requirements of the project, and interest are accepted in accordance with
contact information for the company’s the process set forth in the
representative. Subsequent to the SUPPLEMENTARY INFORMATION section of
VerDate Sep<11>2014 18:50 Aug 13, 2015 Jkt 235001 PO 00000 Frm 00018 Fmt 4703 Sfmt 4703 E:\FR\FM\14AUN1.SGM 14AUN1](https://thefederalregister.org/doc/80_FR_48978/page/1.svg)
![Federal Register / Vol. 80, No. 157 / Friday, August 14, 2015 / Notices 48823
Access Control Building Block. the NCCoE Web site http:// 20850. Letters of interest may be
Prospective participants’ contribution to nccoe.nist.gov/. submitted to piv-nccoe@nist.gov or via
the collaborative effort will include hardcopy to National Institute of
Richard Cavanagh,
assistance in establishing the necessary Standards and Technology, NCCoE;
Acting Associate Director for Laboratory 9600 Gudelsky Drive; Rockville, MD
interface functionality, connection and Programs.
set-up capabilities and procedures, 20850. Organizations whose letters of
[FR Doc. 2015–20041 Filed 8–13–15; 8:45 am]
demonstration harnesses, environmental interest are accepted in accordance with
BILLING CODE 3510–13–P the process set forth in the
and safety conditions for use, integrated
platform user instructions, and SUPPLEMENTARY INFORMATION section of
demonstration plans and scripts this notice will be asked to sign a
DEPARTMENT OF COMMERCE
necessary to demonstrate the desired Cooperative Research and Development
capabilities. Each participant will train National Institute of Standards and Agreement (CRADA) with NIST. A
NIST personnel, as necessary, to operate Technology CRADA template can be found at:
its product in capability http://nccoe.nist.gov/node/138.
[Docket No.: 150805680–5680–01]
demonstrations. Following successful FOR FURTHER INFORMATION CONTACT: Tim
demonstrations, NIST will publish a National Cybersecurity Center of McBride via email to piv-nccoe@
description of the security platform and Excellence, Derived Personal Identity nist.gov; by telephone 240–314–6811; or
its performance characteristics sufficient Verification Credentials Building Block by mail to National Institute of
to permit other organizations to develop Standards and Technology, NCCoE;
and deploy security platforms that meet AGENCY: National Institute of Standards 9600 Gudelsky Drive; Rockville, MD
the security objectives of the Attribute and Technology, Department of 20850. Additional details about the
Based Access Control Building Block. Commerce. Derived PIV Credentials Building Block
These descriptions will be public ACTION: Notice. are available at http://nccoe.nist.gov/
information. derivedcredentials/.
SUMMARY: The National Institute of
SUPPLEMENTARY INFORMATION:
Under the terms of the consortium Standards and Technology (NIST)
CRADA, participants will commit to invites organizations to provide Background
providing: products and technical expertise to The NCCoE, part of NIST, is a public-
1. Access for all participants’ project support and demonstrate security private collaboration for accelerating the
teams to component interfaces and platforms for the Derived Personal widespread adoption of integrated
Identity Verification (PIV) Credentials cybersecurity tools and technologies.
the organization’s experts necessary
Building Block. This notice is the initial The NCCoE brings together experts from
to make functional connections
step for the National Cybersecurity industry, government, and academia
among security platform
Center of Excellence (NCCoE) in under one roof to develop practical,
components
collaborating with technology interoperable cybersecurity approaches
2. Support for development and companies to address cybersecurity that address the real-world needs of
demonstration of the Attribute challenges identified under the Derived complex Information Technology (IT)
Based Access Control Building PIV Credentials Building Block. systems. By accelerating dissemination
Block in NCCoE facilities which Participation in the building block is and use of these integrated tools and
will be conducted in a manner open to all interested organizations. technologies for protecting IT assets, the
consistent with Federal DATES: Interested parties must contact NCCoE will enhance trust in U.S. IT
requirements (e.g., FIPS 200, FIPS NIST to request a letter of interest communications, data, and storage
201, SP 800–53, and SP 800–63) template to be completed and submitted systems; reduce risk for companies and
In addition, NIST will support to NIST that identifies the organization individuals using IT systems; and
development of interfaces among requesting participation in the NCCoE encourage development of innovative,
participants’ products by providing IT Derived PIV Credentials Building Block job-creating cybersecurity products and
infrastructure, laboratory facilities, and the capabilities and components services.
office facilities, collaboration facilities, that are being offered to the
collaborative effort. Letters of interest Process
and staff support to component
composition, security platform will be accepted on a first come, first NIST is soliciting responses from all
documentation, and demonstration served basis. Collaborative activities sources of relevant security capabilities
activities. will commence as soon as enough (see below) to enter into a Cooperative
completed and signed letters of interest Research and Development Agreement
The dates of the demonstration of the have been returned to address all the (CRADA) to provide products and
Attribute Based Access Control Building necessary components and capabilities, technical expertise to support and
Block capability will be announced on but no earlier than September 14, 2015. demonstrate security platforms for the
the NCCoE Web site at least two weeks When the building block has been Derived PIV Credentials building block.
in advance at http://nccoe.nist.gov/. The completed, NIST will post a notice on The full Derived Personal Identity
expected outcome of the demonstration the NCCoE Derived PIV Credentials Verification (PIV) Credentials building
is to improve Attribute Based Access Building Block Web site at http:// block can be viewed at: http://
asabaliauskas on DSK5VPTVN1PROD with NOTICES
Control within the enterprise. nccoe.nist.gov/derivedcredentials/ nccoe.nist.gov/derivedcredentials/.
Participating organizations will gain announcing the completion of the Interested parties must contact NIST
from the knowledge that their products building block and informing the public to request a letter of interest template to
are interoperable with other that it will no longer accept letters of be completed and submitted to NIST
participants’ offerings. interest for this Derived PIV Credentials that identifies the organization
For additional information on the building block. requesting participation in the NCCoE
NCCoE governance, business processes, ADDRESSES: The NCCoE is located at Derived PIV Credentials Building Block
and NCCoE operational structure, visit 9600 Gudelsky Drive, Rockville, MD and the capabilities and components
VerDate Sep<11>2014 18:50 Aug 13, 2015 Jkt 235001 PO 00000 Frm 00020 Fmt 4703 Sfmt 4703 E:\FR\FM\14AUN1.SGM 14AUN1](https://thefederalregister.org/doc/80_FR_48978/page/3.svg)
Document Created: 2018-02-23 10:58:53
Document Modified: 2018-02-23 10:58:53
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice. | |
| Dates | Interested parties must contact NIST to request a letter of interest template to be completed and submitted to NIST that identifies the organization requesting participation in the Attribute Based Access Control Building Block and the capabilities and components that are being offered to the collaborative effort. Letters of interest will be accepted on a first come, first served basis. Collaborative activities will commence as soon as enough completed and signed letters of | |
| Contact | Bill Fisher via email at to abac- [email protected], by telephone 240-314-6838; or by mail to National Institute of Standards and Technology, NCCoE; 9600 Gudelsky Drive; Rockville, MD 20850. Additional details about the Attribute Based Access Control Building Block are available at http://nccoe.nist.gov/ content/attribute-based-access-control. | |
| FR Citation | 80 FR 48821 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR