Date Published: November 2017
Comments Due: December 12, 2017 (public comment period is CLOSED)
Email Questions to: di-nccoe@nist.gov
, , , ,
This objective of this project from the National Cybersecurity Center of Excellence (NCCoE) is to effectively identify assets (devices, data, and applications) that may become targets of data integrity attacks, as well as the vulnerabilities in the organization’s system that facilitate these attacks. It will also explore methods to protect these assets against data integrity attacks through the use of backups, secure storage, integrity checking mechanisms, audit logs, vulnerability management, maintenance, and other potential solutions. The project will also result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to perform the following actions:
Contingency Planning; Audit and Accountability; Access Control; Configuration Management; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Program Management; Risk Assessment; Assessment, Authorization and Monitoring; System and Communications Protection; System and Information Integrity; System and Services Acquisition
Publication:
Project Description
Supplemental Material:
Submit Comments (other)
Project homepage (other)
Related NIST Publications:
Document History:
11/28/17: White Paper (Draft)
02/07/18: White Paper (Final)
Security and Privacy
access control; audit & accountability; contingency planning; incident response; maintenance; media protection; physical & environmental protection; planning; program management; risk assessment; system authorization; threats; vulnerability management
Laws and Regulations
Cybersecurity Strategy and Implementation Plan; Federal Information Security Modernization Act