The National Institute of Standards and Technology (NIST) published
a notice in today’s Federal Register (79 FR
15100-15102) seeking organizations that are interested in working with the National
Cybersecurity Center of Excellence (NCCoE) to address issues related to the
physical and logical control of access to power generation, transmission and
distribution facilities and equipment including industrial control systems.
Identity and Access
Management
The NCCoE is looking for organizations that might be able to
address capabilities or that have products that address:
• Services for authenticating and
authorizing users based on identity, role, third-party affiliation (e.g.,
federation) or other attributes (e.g., attribute-based access control);
• Services for authenticating and
authorizing devices;
• Services for whitelisting
applications;
• Identity and access governance
capability that translates human-readable access needs into machine-readable
authorizations;
• Security incident and event
management (SIEM) or log analysis software for monitoring access management
events;
• ICS equipment, such as Remote
Terminal Units (RTUs), programmable logic controllers (PLC), and relays, along
with associated software and communications equipment (e.g., radios,
encryptors);
• Physical access control devices
that use standard communication interfaces; or
• “Bump-in-the-wire” devices for
augmenting Operational Technology (OT) with authentication, authorization,
access control, encrypted communication and logging capabilities.
Products or processes must meet the following capability
requirements:
• Compatibility with various
electric utility ICS equipment and software
• Strong authentication of users,
devices, and software, based on credentials or attributes, along with
appropriate encryption to enable reasonably secure exchange of identity and
access management informationShow citation box
• Compatibility with protocols and
communication media commonly used by electric utilities
• Federated authorization for
communication across security domains
• Ease of use (e.g., installation,
configuration, maintenance, provisioning, de-provisioning, credentialing,
revoking credentials)
More details can be found here.
Participation
Organizations wishing to participate in this NCCoE project
must contact NIST to request
a letter of interest. Completed letters of interest will be submitted to
NIST no later than April 17, 2014. NCCoE will select participants who have
submitted complete letters of interest on a first come, first served basis
within each category of product components or capabilities up to the number of
participants in each category necessary to carry out this use case.
Posts
No comments:
Post a Comment