83 FR 18504 - National Cybersecurity Center of Excellence (NCCoE) Data Integrity Building Block
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology Federal Register Volume 83, Issue 82 (April 27, 2018)
National Institute of Standards and Technology
Federal Register Volume 83, Issue 82 (April 27, 2018)
| Page Range | 18504-18506 | |
| FR Document | 2018-08829 |
[Federal Register Volume 83, Number 82 (Friday, April 27, 2018)] [Notices] [Pages 18504-18506] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-08829] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No.: 180301235-8235-01] National Cybersecurity Center of Excellence (NCCoE) Data Integrity Building Block AGENCY: National Institute of Standards and Technology, Department of Commerce. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for two data integrity projects within the Data Integrity Building Block. The two projects are (1) Data [[Page 18505]] Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events and (2) Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events. This notice is the initial step for the National Cybersecurity Center of Excellence (NCCoE) in collaborating with technology companies to address cybersecurity challenges identified under the Data Integrity Building Block. Participation in the building block is open to all interested organizations and organizations may participate in one or both data integrity projects. DATES: Collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than May 29, 2018. ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway, Rockville, MD 20850. Letters of interest must be submitted to [email protected] or via hardcopy to National Institute of Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850. Organizations whose letters of interest are accepted in accordance with the process set forth in the SUPPLEMENTARY INFORMATION section of this notice will be asked to sign a separate consortium Cooperative Research and Development Agreement (CRADA) with NIST for each Data Integrity Building Block project. An NCCoE consortium CRADA template can be found at: http://nccoe.nist.gov/node/138. FOR FURTHER INFORMATION CONTACT: Timothy McBride via email to [email protected]; by telephone 301-975-0214; or by mail to National Institute of Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850. Additional details about the Data Integrity Building Block are available at https://nccoe.nist.gov/projects/building-blocks/data-integrity. SUPPLEMENTARY INFORMATION: Interested parties must contact NIST to request a letter of interest template to be completed and submitted to NIST. Letters of interest will be accepted on a first come, first served basis. Parties interested in participating in both data integrity projects must submit a separate letter of interest for each data integrity project. When the building block has been completed, NIST will post a notice announcing the completion of the building block and informing the public that it will no longer accept letters of interest for this building block on the NCCoE Data Integrity Building Block website at https://nccoe.nist.gov/projects/building-blocks/data-integrity/identify-protect for Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events, and at https://nccoe.nist.gov/projects/building-blocks/data-integrity/detect-respond for Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events. Background: The NCCoE, part of NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE brings together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology (IT) systems. By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cybersecurity products and services. Process: NIST is soliciting responses from all sources of relevant security capabilities (see below) to enter into a Cooperative Research and Development Agreement (CRADA) to provide products and technical expertise to support and demonstrate security platforms for the Data Integrity Building Block. The full building block can be viewed at: https://nccoe.nist.gov/projects/building-blocks/data-integrity. Interested parties should contact NIST using the information provided in the FOR FURTHER INFORMATION CONTACT section of this notice. NIST will then provide each interested party with a letter of interest template, which the party must complete, certify that it is accurate, and submit to NIST. NIST will contact interested parties if there are questions regarding the responsiveness of the letters of interest to the building block objective or requirements identified below. NIST will select participants who have submitted complete letters of interest on a first come, first served basis within each category of product components or capabilities listed below up to the number of participants in each category necessary to carry out this building block. However, there may be continuing opportunity to participate even after initial activity commences. Selected participants will be required to enter into a consortium CRADA with NIST (for reference, see ADDRESSES section above). NIST published a notice in the Federal Register on October 19, 2012 (77 FR 64314) inviting U.S. companies to enter into National Cybersecurity Excellence Partnerships (NCEPs) in furtherance of the NCCoE. For this demonstration project, NCEP partners will not be given priority for participation. Building Block Objective: Establish tools and procedures to defend, detect, and respond to data integrity events. A detailed description of the Data Integrity Building Block is available at: https://nccoe.nist.gov/projects/building-blocks/data-integrity. Requirements: Each responding organization's letter of interest should identify which security platform component(s) or capability(ies) it is offering. Responding organizations must submit a separate letter of interest and sign a separate consortium CRADA for each project the responding organization is interested in joining. Letters of interest should not include company proprietary information, and all components and capabilities must be commercially available. Components are listed in section 3 of each of the data integrity projects (1) Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events, and (2) Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events (for reference, please see the link in the PROCESS section above) and include, but are not limited to:For Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events: Secure storage File integrity checking mechanisms backup capability for databases, VMs, and file systems Vulnerability management and identification software Signature based vulnerability detection Behavior based vulnerability detection Zero-day vulnerability detection Log collection software Asset inventory software Asset management Asset discovery Maintenance software (including software versioning and distribution technology) Software versioning Software distribution Update verification For Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events Integrity monitoring Event detection Malicious software detection [[Page 18506]] Unauthorized activity detection Anomalous activity detection Logging and data correlation software Reporting capability Vulnerability management Forensics/analytics tools Mitigation and containment software Each responding organization's letter of interest should identify how their products address one or more of the following desired solution characteristics in section 3 of each of the Data Integrity projects (1) Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events, and (2) Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events (for reference, please see the link in the PROCESS section above): 1 For Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events: Inventory assets both part of the enterprise and the solution itself Be secure against integrity attacks against hosts Be secure against integrity attacks that occur on the network Support secure backups Provide protected network and remote access Provide audit capabilities 2 For Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events: Detect unauthorized or malicious activity on the network Detect unauthorized or malicious mobile code (such as web technologies like JavaScript, VBScript, and other code executed but loaded from an external site) Detect unauthorized or malicious executables Detect unauthorized or malicious behavior Report unauthorized or malicious activity on the network Report unauthorized or malicious mobile code events Report unauthorized or malicious executables Report unauthorized or malicious behavior Analyze the impact of unauthorized or malicious activity on the network Analyze the impact of unauthorized or malicious mobile code events Analyze the impact of unauthorized or malicious executables Analyze the impact of unauthorized or malicious behavior Mitigate the impact of unauthorized or malicious activity on the network Mitigate the impact of unauthorized or malicious mobile code events Mitigate the impact of unauthorized or malicious executables Mitigate the impact of unauthorized or malicious behavior Contain unauthorized or malicious activity on the network Contain unauthorized or malicious mobile code events Contain unauthorized or malicious executables Contain unauthorized or malicious behavior Responding organizations need to understand and, in their letters of interest, commit to provide: 1. Access for all participants' project teams to component interfaces and the organization's experts necessary to make functional connections among security platform components 2. Support for development and demonstration of the Data Integrity Building Block in NCCoE facilities which will be conducted in a manner consistent with the following standards and guidance: FIPS 200, FIPS 201 (for the Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events Project), SP 800-53, FIPS 140- 2, SP 800-37, SP 800-57, SP 800-61, SP 800-83, SP 800-150, SP 800-160, and SP 800-184. Additional details about the Data Integrity Building Block are available at: https://nccoe.nist.gov/projects/building-blocks/data-integrity. NIST cannot guarantee that all of the products proposed by respondents will be used in the demonstration. Each prospective participant will be expected to work collaboratively with NIST staff and other project participants under the terms of the consortium CRADA in the development of the Data Integrity Building Block. Prospective participants' contribution to the collaborative effort will include assistance in establishing the necessary interface functionality, connection and set-up capabilities and procedures, demonstration harnesses, environmental and safety conditions for use, integrated platform user instructions, and demonstration plans and scripts necessary to demonstrate the desired capabilities. Each participant will train NIST personnel, as necessary, to operate its product in capability demonstrations. Following successful demonstrations, NIST will publish a description of the security platform and its performance characteristics sufficient to permit other organizations to develop and deploy security platforms that meet the security objectives of the Data Integrity Building Block. These descriptions will be public information. Under the terms of the consortium CRADA, NIST will support development of interfaces among participants' products by providing IT infrastructure, laboratory facilities, office facilities, collaboration facilities, and staff support to component composition, security platform documentation, and demonstration activities. The dates of the demonstration of the Data Integrity Building Block capability will be announced on the NCCoE website at least two weeks in advance at http://nccoe.nist.gov/. The expected outcome of the demonstration is to improve data integrity within the enterprise. Participating organizations will gain from the knowledge that their products are interoperable with other participants' offerings. For additional information on the NCCoE governance, business processes, and NCCoE operational structure, visit the NCCoE website http://nccoe.nist.gov/. Kevin A. Kimball, Chief of Staff. [FR Doc. 2018-08829 Filed 4-26-18; 8:45 am] BILLING CODE 3510-13-P
![18504 Federal Register / Vol. 83, No. 82 / Friday, April 27, 2018 / Notices
The typical New Construction New Construction Program Address quarters addresses, the New
Program Participant Review Materials Updates Construction Program participants can
package will contain the following: From September through November opt to receive:
1. New Construction Program Quick 2019, the Census Bureau will process all • GUPS with Census Bureau spatial
Start Document. files received from participants. Files data.
2. New Construction Program User that are submitted in the proper format • PDF maps.
Guide. and with complete geocoding data are Participants may also use their own
3. New Construction Program Address compared against the Census Bureau’s software to create a computer-readable
List Template. census address list, extracted from the list of addresses in the prescribed
4. Geographic Update Partnership MAF, to check for any addresses already format. Participants will use the Census
Software (GUPS). on the list. The Census Bureau will add Bureau provided maps or spatial data as
5. New Construction Program Map the addresses to the census address list a reference for assigning census tract
PDFs (for geocoding purposes only). and MAF, if needed, and mail decennial and block codes (geocodes) for each
6. New Construction Program spatial census forms to any participant- submitted address.
shapefiles (for geocoding purposes supplied addresses that were not
III. Data
only). already in the census address list. The
census enumeration process will OMB Control Number: 0607–XXXX.
Participants must submit their New
determine the final housing unit status Form Number(s): NC_RForm_2020.
Construction Program address list to the
and population for each unit. Type of Review: Regular submission.
Census Bureau within 45 calendar days
of receipt of the New Construction Closeout Affected Public: Federally recognized
Program materials. The New tribes, states, local governments
The Census Bureau provides a (counties, incorporated places,
Construction Program addresses must be closeout letter to governments that
returned in the Census Bureau’s functioning minor civil divisions).
registered to participate and provided Estimated Number of Respondents:
predefined format, and each address updates as well as a thank you letter to
must be geocoded or assigned to the Program Invitation: 32,000.
governments that provided updates.
census tract and block in which it is Participant Material Review: 6,550.
Closeout occurs between December
located as shown on the New Estimated Time per Response:
2019 and January 2020.
Construction Program PDF or digital Program Invitation: 1 hour.
(shapefile) maps. This stage will occur II. Method of Collection Participant Material Review: 47 hours.
between August and September 2019. The Census Bureau will collect the Estimated Total Hour Burden:
The average estimated time burden to New Construction Program participants’ Program Invitation: 32,000 hours.
add, review, and submit the New contact information and product media Participant Material Review: 307,850
Construction Program address list to the preference when participants fill out the hours.
Census Bureau is 47 hours per electronic or printed forms. To prepare Estimated Total Annual Burden
participant. and submit their list of new living Hours: 339,850 hours.
Estimated time
Estimated number Total estimated
Stage of review per response
of respondents hour burden
(hours)
Program Invitation ...................................................................................................... 32,000 1 32,000
Participant Material Review ....................................................................................... 6,550 47 307,850
Total .................................................................................................................... .............................. .............................. 339,850 hours.
Estimated Total Annual Cost to proposed collection of information; (c) DEPARTMENT OF COMMERCE
Public: $0. (This is not the cost of ways to enhance the quality, utility, and
respondents’ time, but the indirect costs clarity of the information to be National Institute of Standards and
respondents may incur for such things collected; and (d) ways to minimize the Technology
as purchases of specialized software or burden of the collection of information [Docket No.: 180301235–8235–01]
hardware needed to report, or on respondents, including through the
expenditures for accounting or records use of automated collection techniques National Cybersecurity Center of
maintenance services required or other forms of information Excellence (NCCoE) Data Integrity
specifically by the collection.) technology. Building Block
Respondent’s Obligation: Voluntary.
Comments submitted in response to AGENCY: National Institute of Standards
Legal Authority: Title 13, U.S.C., this notice will be summarized and/or and Technology, Department of
Section 141(a). included in the request for OMB Commerce.
IV. Request for Comments approval of this information collection; ACTION: Notice.
they also will become a matter of public
Comments are invited on: (a) Whether SUMMARY: The National Institute of
record.
daltland on DSKBBV9HB2PROD with NOTICES
the proposed collection of information Standards and Technology (NIST)
is necessary for the proper performance Sheleen Dumas, invites organizations to provide
of the functions of the agency, including Departmental Lead PRA Officer, Office of the products and technical expertise to
whether the information shall have Chief Information Officer. support and demonstrate security
practical utility; (b) the accuracy of the [FR Doc. 2018–08964 Filed 4–26–18; 8:45 am] platforms for two data integrity projects
agency’s estimate of the burden BILLING CODE 3510–07–P
within the Data Integrity Building
(including hours and cost) of the Block. The two projects are (1) Data
VerDate Sep<11>2014 18:18 Apr 26, 2018 Jkt 244001 PO 00000 Frm 00004 Fmt 4703 Sfmt 4703 E:\FR\FM\27APN1.SGM 27APN1](https://thefederalregister.org/doc/83_FR_18586/page/1.svg)
![18506 Federal Register / Vol. 83, No. 82 / Friday, April 27, 2018 / Notices
• Unauthorized activity detection • Mitigate the impact of unauthorized and deploy security platforms that meet
• Anomalous activity detection or malicious mobile code events the security objectives of the Data
• Logging and data correlation • Mitigate the impact of unauthorized Integrity Building Block. These
software or malicious executables descriptions will be public information.
• Reporting capability • Mitigate the impact of unauthorized Under the terms of the consortium
• Vulnerability management or malicious behavior CRADA, NIST will support
• Forensics/analytics tools • Contain unauthorized or malicious development of interfaces among
• Mitigation and containment activity on the network participants’ products by providing IT
software • Contain unauthorized or malicious infrastructure, laboratory facilities,
Each responding organization’s letter mobile code events office facilities, collaboration facilities,
of interest should identify how their • Contain unauthorized or malicious and staff support to component
products address one or more of the executables composition, security platform
following desired solution • Contain unauthorized or malicious documentation, and demonstration
characteristics in section 3 of each of the behavior activities.
Data Integrity projects (1) Data Integrity: Responding organizations need to The dates of the demonstration of the
Identifying and Protecting Assets understand and, in their letters of Data Integrity Building Block capability
Against Ransomware and Other interest, commit to provide: will be announced on the NCCoE
Destructive Events, and (2) Data 1. Access for all participants’ project website at least two weeks in advance
Integrity: Detecting and Responding to teams to component interfaces and at http://nccoe.nist.gov/. The expected
Ransomware and Other Destructive the organization’s experts necessary outcome of the demonstration is to
Events (for reference, please see the link to make functional connections improve data integrity within the
in the PROCESS section above): among security platform enterprise. Participating organizations
will gain from the knowledge that their
1 For Data Integrity: Identifying and components
2. Support for development and products are interoperable with other
Protecting Assets Against participants’ offerings.
Ransomware and Other Destructive demonstration of the Data Integrity
For additional information on the
Events: Building Block in NCCoE facilities
NCCoE governance, business processes,
• Inventory assets both part of the which will be conducted in a
and NCCoE operational structure, visit
enterprise and the solution itself manner consistent with the the NCCoE website http://nccoe.nist.
• Be secure against integrity attacks following standards and guidance: gov/.
against hosts FIPS 200, FIPS 201 (for the Data
• Be secure against integrity attacks Integrity: Identifying and Protecting Kevin A. Kimball,
that occur on the network Assets Against Ransomware and Chief of Staff.
• Support secure backups Other Destructive Events Project), [FR Doc. 2018–08829 Filed 4–26–18; 8:45 am]
• Provide protected network and SP 800–53, FIPS 140–2, SP 800–37, BILLING CODE 3510–13–P
remote access SP 800–57, SP 800–61, SP 800–83,
• Provide audit capabilities SP 800–150, SP 800–160, and SP
2 For Data Integrity: Detecting and 800–184. DEPARTMENT OF COMMERCE
Responding to Ransomware and Additional details about the Data
Other Destructive Events: Integrity Building Block are available at: National Oceanic and Atmospheric
• Detect unauthorized or malicious https://nccoe.nist.gov/projects/building- Administration (NOAA)
activity on the network blocks/data-integrity. National Sea Grant Advisory Board
• Detect unauthorized or malicious NIST cannot guarantee that all of the (NSGAB); Public Meeting of the
mobile code (such as web products proposed by respondents will National Sea Grant Advisory Board
technologies like JavaScript, be used in the demonstration. Each
VBScript, and other code executed prospective participant will be expected AGENCY: Office of Oceanic and
but loaded from an external site) to work collaboratively with NIST staff Atmospheric Research (OAR), National
• Detect unauthorized or malicious and other project participants under the Oceanic and Atmospheric
executables terms of the consortium CRADA in the Administration (NOAA), Department of
• Detect unauthorized or malicious development of the Data Integrity Commerce (DOC).
behavior Building Block. Prospective ACTION: Notice of public meeting.
• Report unauthorized or malicious participants’ contribution to the
activity on the network collaborative effort will include SUMMARY: This notice sets forth the
• Report unauthorized or malicious assistance in establishing the necessary schedule and proposed agenda of a
mobile code events interface functionality, connection and forthcoming meeting of the NSGAB.
• Report unauthorized or malicious set-up capabilities and procedures, NSGAB members will discuss and
executables demonstration harnesses, environmental provide advice on the National Sea
• Report unauthorized or malicious and safety conditions for use, integrated Grant College Program (Sea Grant),
behavior platform user instructions, and specifically to review and approve the
• Analyze the impact of unauthorized demonstration plans and scripts 2018 Biennial Report to Congress, and
or malicious activity on the network necessary to demonstrate the desired any other matters as described in the
• Analyze the impact of unauthorized capabilities. Each participant will train agenda found on the Sea Grant website
daltland on DSKBBV9HB2PROD with NOTICES
or malicious mobile code events NIST personnel, as necessary, to operate at http://seagrant.noaa.gov/WhoWeAre/
• Analyze the impact of unauthorized its product in capability Leadership/NationalSeaGrantAdvisory
or malicious executables demonstrations. Following successful Board/UpcomingAdvisory
• Analyze the impact of unauthorized demonstrations, NIST will publish a BoardMeetings.aspx.
or malicious behavior description of the security platform and DATES: The announced meeting is
• Mitigate the impact of unauthorized its performance characteristics sufficient scheduled for Monday, May 14, 2018,
or malicious activity on the network to permit other organizations to develop from 3:00 p.m. to 4:30 p.m. ET.
VerDate Sep<11>2014 18:18 Apr 26, 2018 Jkt 244001 PO 00000 Frm 00006 Fmt 4703 Sfmt 4703 E:\FR\FM\27APN1.SGM 27APN1](https://thefederalregister.org/doc/83_FR_18586/page/3.svg)
Document Created: 2018-04-27 01:44:20
Document Modified: 2018-04-27 01:44:20
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice. | |
| Dates | Collaborative activities will commence as soon as enough | |
| Contact | Timothy McBride via email to [email protected]; by telephone 301-975-0214; or by mail to National Institute of Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850. Additional details about the Data Integrity Building Block are available at https://nccoe.nist.gov/ projects/building-blocks/data-integrity. | |
| FR Citation | 83 FR 18504 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR