National Cybersecurity Center of Excellence at the National Institute of Standards and Technology
Financial Services Update
This email is for people currently working on financial services sector projects at the National Cybersecurity Center of Excellence (NCCoE) or who have expressed an interest in projects at the NCCoE. This email is just one part of the outreach between the NCCoE and our collaborators in the financial services industry. We will also share project status updates and hold regular teleconferences that we will invite you to attend using bulletins like these.
Currently, the NCCoE is conducting a great deal of lab work to build an example solution to the IT Asset Management (ITAM) use case. In March, the center’s other financial services use case, Identity and Access Control, will seek collaborators from the vendor community by publishing a notice in the Federal Register (you will receive an alert). Both use cases are a direct result of interactions with our financial services collaborators.
The ITAM project provides a complete view of all IT assets present in an enterprise. This includes physical devices, software and virtual machines, and will link into the existing information silos present in most organizations. Visit the project page for more detailed information. Currently, nine vendors are working with the NCCoE on the ITAM use case.
Please check the new NCCoE Financial Service ITAM forum for lab diagrams and a listing of all the machines currently installed. Updates will be posted to the forums as we hit milestones. I hope you will contribute your ideas and comments regarding the use case to the forums. It’s easy to sign up for an account to contribute your thoughts.
Earlier this month, the NCCoE met with CIOs, CTOs and CISOs at Stanford University in coordination with the White House Summit on Cybersecurity and Consumer Protection. We heard executives from retail, hospitality, health care, insurance, and other industries express concerns about issues like point of sale security, payment system security, information/threat sharing, data privacy, secure software development tools, and data integrity (database, file, system, and backups). Please stay tuned to these updates: We will be calling on you to assist us in developing some of these into use cases that will benefit your institutions.
- The lab infrastructure for the ITAM use case is functional and consists of a DMZ and four separate sub-networks for IT systems, network security, physical security and physical asset management. The lab is modular and can be modified as needed.
- Products from Alphapoint, Belarc and RedJack are currently installed and running in the lab.
- We are installing the Eracent ITAM solution, and configuring a VPN between the NCCoE and a mainframe computer from Vanguard Integrity Professionals.
- Computer Associates is scheduled to begin installation of their products in early March.
- The Cybersecurity Summit held at Stanford University on February 12-13 showed us additional cybersecurity challenges that need solving
- Projected completion date: May 2015.
Michael J. Stone
Senior Security Engineer
The NCCoE accelerates adoption of commercially available, secure solutions among U.S. businesses. We work with computer hardware manufacturers, software developers, technology vendors and system integrators to demonstrate practical, standards-based, open, modular, end-to-end cybersecurity solutions.
http://nccoe.nist.gov 240-314-6800 firstname.lastname@example.org
Any mention of commercial products in this bulletin is for information only; it does not imply recommendation or endorsement by NCCoE or NIST.
If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com.
Technical questions? Contact email@example.com. (301) 975-NIST (6478).
This service is provided to you at no charge by National Institute of Standards and Technology (NIST). 100 Bureau Drive, Stop 1070 · Gaithersburg, MD 20899 · 301-975-6478