Home > Projects > Financial Services
Print | Email Us

Projects


Financial Services

SEcuring Assets for the financial Services sector

In November 2013, the National Cybersecurity Center of Excellence (NCCoE) posted drafts of the first of several use cases addressing cybersecurity issues that are relevant across the financial services sector. The public was invited to comment. We have provided a response to each statement and revised the use cases accordingly. You can download the revised use cases and their comments below.

Use Case: Access rights Management V.2 (PDF)

The goal of this project is to demonstrate ways to link together the management of existing disparate identity and access mechanisms and systems into a comprehensive identity and access management (IDAM) system. This will enable financial sector entities to centrally issue, validate, and modify or revoke access rights for their entire enterprise based on easy-to-understand business rules. Read the one-page brief (PDF).

Use Case: IT Asset management V.2 (PDF)

The goal of this project is to tie existing data systems for physical assets and security and IT security and support into a comprehensive IT asset management (ITAM) system. Financial services companies can employ this ITAM system to dynamically apply business and security rules to better utilize information assets and protect enterprise systems and data. Such an ITAM system will give companies the ability to track, manage and report on an information asset throughout its entire life cycle. Read the one-page brief (PDF).

NCCoE cybersecurity experts will address these challenges through collaboration with members of the financial services sector and vendors of cybersecurity solutions. The solutions proposed by this effort will not be the only ones available in the fast-moving cybersecurity technology market. If you would like to propose an alternative architecture or know of products that might be applicable to this challenge, please contact us at financial_nccoe@nist.gov.

Next steps:

  • We published a notice in the Federal Register to invite participation in the IT Asset Management use case from members of the cybersecurity technology community. A Federal Register notice for the Access Rights Management use case will be published once work on the IT Asset Management use case is underway.
    • To receive announcements about the publication of future Federal Register notices, sign up for our email alerts by entering your email address in the box at the top right of this page.
  • Further steps for the IT Asset Management use case:
    • Technology community members are submitting letters of interest, as specified in the Federal Register notice.
    • The NCCoE will host a meeting of letter-of-interest signatories.
    • The NCCoE will form a collaborative research and development aggreement (CRADA) consortium with the letter-of-interest signatories.
  • Technical work will begin as soon as the CRADA consortium has enough members to cover all aspects of the project.

 

 

Footer line image