Join us as a Collaborator on the Newest NCCoE Manufacturing Project

In case you did not spend the holiday season watching the Federal
Register, the National Cybersecurity Center of Excellence (NCCoE) issued a
Federal Register Notice inviting industry participants and other interested
collaborators to participate in the Responding to and Recovering from a
Cyber Attack: Cybersecurity for the Manufacturing Sector project. In
conjunction with the Federal Register Notice, the NCCoE published the Final
Responding to and Recovering from a Cyber Attack: Cybersecurity for the
Manufacturing Sector Project Description, Revision 1.

Industrial control systems (ICS) and devices that run
manufacturing environments play a critical role in the supply chain. These same
systems face an increasing number of cyber attacks that threaten safety and
production and carry an economic impact for manufacturing organizations. This
project will demonstrate an approach for responding to and recovering from a
cyber attack on ICS within the manufacturing sector.

Join Us

There are two ways to join the NCCoE for this project:

  • Become an NCCoE Collaborator – Collaborators are members of the project
    team who work alongside NCCoE staff to build the demonstration by
    contributing products, services, and technical expertise. Collaborators
    are expected to participate in regularly scheduled conference calls and
    to help build and document the demonstration.

      • Get Started Today: If you are interested in becoming an NCCoE
        collaborator for the Responding to and Recovering from a Cyber
        Attack: Cybersecurity for the Manufacturing Sector project, first
        review the requirements identified in the Federal Register Notice.
        If you wish to become a collaborator, you can find the final project
        description and the form to request a Letter of Interest (LOI)
        template on the project page. Once you have filled out the request
        form on the project page, you will be provided a link to download
        the project’s LOI template. The completed LOI should be sent to the
        NCCoE Manufacturing team at [email protected]. Completed submissions
        are considered on a first-come, first-served basis within each
        category of components or characteristics listed in the Federal
        Register Notice, up to the number of participants in each category
        necessary to carry out the project build.
      • Collaborator Selection: The NCCoE Manufacturing team will review all
        submissions and may follow up with respondents with questions or to
        discuss your capabilities. The NCCoE Manufacturing team will notify
        each selected collaborator via email and begin the process to
        establish a Cooperative Research and Development Agreement (CRADA)
        to formalize your collaboration with the NCCoE. Once the CRADA has
        been established, the selected collaborators can begin working with
        the NCCoE to draft white papers, playbooks, and demonstrable
        proof-of-concept implementations.
      • If you submit a Letter of Interest and are not selected, the project
        team will notify you via email. We encourage those who are not
        selected to become collaborators to stay engaged via our Community
        of Interest and to bring your expertise when project deliverables
        are posted as drafts for public comment and during any public
        meetings held for this project.

  • Join our Community of Interest – By joining the NCCoE Manufacturing
    Community of Interest (COI), you will receive project updates and the
    opportunity to share your expertise to help guide this project. Request
    to join our COI by visiting our project page.

If you have any questions, please contact our project team at [email protected].

Preliminary Draft Practice Guide (Vol A-E) From the ZTA Team

The Zero Trust Architecture (ZTA) team at NIST’s National
Cybersecurity Center of Excellence (NCCoE) has published the
second version of volumes A-D and the first version of volume E of a
preliminary draft practice guide titled “Implementing a Zero Trust
Architecture” and is seeking the public’s comments on
their contents. This guide summarizes how the NCCoE and its collaborators are
using commercially available technology to build interoperable, open
standards-based ZTA example implementations that align to the concepts and
principles in NIST Special Publication (SP) 800-207, Zero Trust Architecture.

The updated versions of volumes A-D document three additional ZTA
implementations that have been added to the guide since the previous drafts
were published. Volume E provides a risk analysis and mapping of ZTA security
characteristics to cybersecurity standards and recommended practices. As the
project progresses, the guide will be updated.

As an enterprise’s data and resources have become distributed
across the on-premises environment and multiple clouds, protecting them has
become increasingly challenging. Many users need access from anywhere, at any
time, from any device. The NCCoE is addressing these challenges by
collaborating with industry participants to demonstrate several approaches to a
zero trust architecture applied to a conventional, general-purpose
enterprise IT infrastructure on-premises and in the cloud.

We Want to Hear from You!

The NCCoE is making volumes A-E available as preliminary drafts
for public comment while work continues on the project. Review the preliminary
drafts and submit comments online on or before February 6, 2023.

NIST Requests Comments on SP 800-132, Recommendation for Password-Based Key Derivation: Part 1: Storage Applications

NIST is in the process of a periodic review and maintenance of its
cryptography standards and guidelines. 

Currently, we are reviewing the following publication: 

SP 800-132 specifies a family of password-based key derivation
functions (PBKDFs) for deriving cryptographic keys from passwords or
passphrases for the protection of electronically-stored data or for the
protection of data protection keys. 

NIST requests feedback on all aspects of SP 800-132. Additionally,
NIST would appreciate feedback on the industry need for new password-based
standards, including memory-hard password-based key derivation functions and
password hashing schemes. 

The public comment period is open through February 24, 2023. Send
comments to [email protected] with
“Comments on SP 800-132” in the subject line. 

Comments received in response to this request will be posted on
the Crypto Publication Review Project site after the due date. Submitters’
names and affiliations (when provided) will be included, while contact
information will be removed. See the project site for additional information
about the review process.
