Home > Events
Print | Email Us

Calendar

Events & Appearances

NCCoE Workshop on Software Asset Management

December 5, 2013
9 am - 3 pm

9600 Gudelsky Drive
Rockville, MD 20850
240-314-6800

This workshop will review and conduct a deep dive into the Continuous Monitoring Software Asset Management (SAM) Building Block. The building block proposes techniques for meeting SAM challenges. SAM, as envisioned in this building block, requires a standardized approach that provides an integrated view of software throughout its lifecycle. Such an approach must support the following capabilities:

  1. Authorization and verification of software installation media  
  2. Software execution authorization 
  3. Publication of installed software inventory 
  4. Software inventory-based network access control 

The NCCoE and NIST Computer Security Division, in collaboration with Department of Homeland Security, General Services Administration, and National Security Agency, have developed a proposed building block. The authors encourage you to review the document prior to the workshop to facilitate building block discussion and the exchange of ideas.

Audience

This workshop is oriented to security researchers, security practitioners, system integrators, and other parties interested in developing solutions that address the following challenges: 

  • Verifying the identity of the software publisher providing installation media
  • Verifying that installation media is authentic and hasn’t been tampered with
  • Determining what software is installed and in use on a given endpoint device including legacy and end-of-life products
  • By process of elimination, determining software that is installed on an endpoint device that was not deployed using authorized mechanisms
  • Restricting execution of software that was not installed using authorized mechanisms. 
  • Identifying the presence of software flaws in installed software
  • Determining if patches are installed on an endpoint device or if additional patches need to be deployed to remedy software flaws

Agenda

9:00-9:45 am
Overview of the National Cybersecurity Center of Excellence

9:45-10:15 am
Building Block overview and business drivers

10:15–noon
Building Block deep dive

Noon–1:30 pm
Lunch on your own

1:30–3:00 pm
Q/A and next steps

To confirm your attendance at this workshop send an email with your name, title, and organization to nccoe_events@nist.gov

Please download and review the building block document prior to the workshop.

Whether or not you attend the workshop, we welcome your comments. Send your feedback regarding this building block to conmon-nccoe@nist.gov.

NCCOE at Cyber Security Summit 2013

On October 22, 2013 at 1:30 pm, NCCoE deputy director Nate Lesser will discuss the center's approach to health IT use cases in the session "Healthcare - Security Framework and Solutions" at the Cyber Security Summit 2013 in Minneapolis, Mn.

Jonathan Margulies on Panel at Security B-sides DC

NCCoE project manager Jonathan Margulies will participate in the panel, “Critical Infrastructure and Key Resources,” on October 20, 2013 at the Security B-Sides conference in Washington, DC.

Curt Barker to Present at Cyber Security and Critical Infrastructure Protection conference

Curt Barker, a chief cybersecurity advisor to NCCoE, will speak on “Facilitating Critical Infrastructure Adoption of Emerging Cybersecurity Technologies”on September 18, 2013 at the Cyber Security and Critical Infrastructure Protection conference in Arlington, Va.

Mike Bartock and Nate Lesser to Present at Software/Supply Chain Assurance Forum

NCCoE staff members will present a demo and talk titled “The NCCoE and Trusted Geolocation in the Cloud - A Case Study,” on September 18, 2013 at the Software/Supply Chain Assurance Forum in McLean, Va.

Curt Barker at the Business Council for International Understanding

The NCCoE’s chief cybersecurity advisor, Curt Barker, will address matching standards and commercially-available components to real-world business problems in order to accelerate adoption of security platforms and increase business opportunities through public trust in electronic commerce in an address to the Business Council for International Understanding on September 17, 2013 in Washington, DC.

Jonathan Margulies at EnergySec

NCCoE project manager Jonathan Margulies will attend the EnergySec 9th Annual Security Summit from September 17-19, 2013 in Denver, Co. Stop by the NCCoE table to learn more about our energy sector use cases.

NCCoE Hosts Attribute Based Access Control Workshop

A workshop based on NIST Special Publication 800-162, "Guide to Attribute Based Access Control (ABAC) Definition and Considerations," will be held at the NCCoE on July 17, 2013.

Gavin O'Brien at Healthcare Data Analytics

Gavin O'Brien, our Health IT project lead, will speak at the Healthcare Data Analytics meeting on July 9, 2013, in Washington, D.C.

Gavin O'Brien to present at Telemedicine Policy Summit

Gavin O'Brien, who heads up our Health IT project, will speak June 27, 2013 at the American Telemedicine Association Federal Telemedicine Policy Summit in Washington, D.C.

Gavin O'Brien will Speak at Data Science Maryland

Gavin O'Brien, the project manager leading NCCoE's Health IT project, will speak at the Data Science MD meeting titled "Discovering and Securing the Data" on Tuesday, June 18, 2013 at 6:30 pm. Gavin will talk about the NCCoE's process and the status of the Mobile Devices Use Case.

Jonathan Margulies at I3P Conference

Jonathan Margulies, who leads NCCoE's efforts in the energy sector, visited Oak Ridge National Lab on Tuesday, June 11, 2013 to introduce the center's work to a meeting of the Institute for Information Infrastructure Protection (I3P).

Nate Lesser to Speak at HIPAA Security Conference

NCCoE Deputy Director Nate Lesser will speak at "Safeguarding Health Information: Building Assurance through HIPAA Security - 2013" on Wednesday, May 22 at 2:30 pm. His talk title is "Health IT and the National Cybersecurity Center of Excellence." For more information, visit the conference website.

Nate Lesser to Speak at FS-ISAC & BITS Annual Summit 2013

NCCoE Deputy Director Nate Lesser and other staff members of the NCCoE will attend the upcoming FS-ISAC & BITS Annual Summit from April 28 to May 1 in Ponte Vedra Beach, FL. Nate will serve on the Public-Private Information Sharing Challenge panel on Tuesday, April 30 from 11:30 am to 12:30 pm. The session will combine government and industry perspectives on the role of government in information sharing with financial sector institutions. The goal is to enhance two-way information sharing that will improve the cyber security posture of the sector. More information is available on the summit's website.

Health IT Mobile Device Use Case Meeting

  • April 17, 2013
  • A meeting to
    • Educate participating companies about their collaboration with us
    • Familiarize them with the problem statement and the scope of work
    • Help the companies self-identify the components they plan to bring
  • To register for this event, visit https://www.fbcinc.com/NIST/HealthIT
  • A small fee, $32, will be charged to cover the cost of lunch and snacks.

Celebrate Our Partners: Signing Ceremony

  • April 15, 2013 at 2:30 pm
  • Join us to celebrate our collaborations with Intel, Hytrust, McAfee, Cisco, Splunk, RSA, Symantec, Hewlett-Packard, Microsoft, Vanguard and Venafi in the National Cybersecurity Excellence Partnership.
  • In addition to NIST Director Patrick Gallagher, confirmed speakers are:
    • U.S. Senator Barbara Mikulski
    • Maryland Governor Martin O'Malley
    • Montgomery County Executive Ike Leggett
    • National Security Agency Director General Keith Alexander
  • To register, visit http://www.ibbr.umd.edu/NCCoENCEP

HIMSS13

RSA 2013

Visit us at booth #250 at the 2013 RSA conference in San Francisco February 25 to March 1, 2013.

  • Dr. Pat Gallagher, director of NIST, will be at the NCCoE booth on Wednesday, February 27 from 4 - 4:30 pm.
  • NCCoE Deputy Director Nate Lesser will be at the CyberMaryland booth #216 to discuss the center, its business process, and the Secure Exchange of Health Information Demonstration Project on Wednesday, February 27, at 2:30 pm.

Visit the NCCoE booth for a Trusted Geolocation in the Cloud technical demonstration:

  • Monday, February 25 from 6:00 pm - 8:00 pm
  • Tuesday, February 26 from 11:00 am - 1:00 pm and 5:00 pm - 6:00 pm
  • Wednesday, February 27 from 11:00 am - 1:00 pm and 4:30 pm - 5:30 pm
  • Thursday, February 28 from 1:30 pm - 3:00 pm

NIST Cyber Security Showcase

  • January 29, 2013
  • 8:30 a.m. to 3:00 p.m

Co-sponsored buy TEDCO, the Maryland Technology Development Corporation. Learn about cybersecurity projects at NIST and opportunities to collaborate. On the agenda:

  • Overview of the National Cyber Security Center of Excellence
  • Overview of the NIST Cloud Computing Security Working Group
  • Opportunities for partnering
  • National Strategy for Trusted Identities in Cyberspace
  • Cybersecurity for electronic medical records, cloud computing, and the Smart Grid

To register, visit http://nistshowcase.eventbrite.com/

Trusted Geolocation in the Cloud Technical Demonstration

  • January 14, 2013
  • This workshop explains selected security challenges involving infrastructure as a service (IaaS) cloud computing technologies and geolocation. It will be a hands-on proof of concept implementation that was designed to address those challenges.

NCCoE Workshop

Footer line image