Daily Rules, Proposed Rules, and Notices of the Federal Government
The NCCoE, hosted by NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE's mission is to bring together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real world needs of complex Information Technology (IT) systems. By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE strives to enhance trust in U.S. IT communications, data, and storage systems, lower risk for companies and individuals in the use of IT systems, and encourage development of innovative, job-creating cybersecurity products and services.
As part of the NCCoE initiative, NIST/ITL intends to enter into partnerships, called “National Cybersecurity Excellence Partnerships” (NCEPs), with U.S. companies to collaborate on an ongoing basis in the NCCoE. Collaboration agreements will be based upon the statutory technology transfer authorities available to NIST, including the Federal Technology Transfer Act, 15 U.S.C. 3710a. NIST/ITL intends that NCEP collaborators will co-locate with ITL at the NCCoE at 9600 Gudelsky Drive Rockville, MD 20850 and will contribute to the development of the intellectual and physical infrastructure needed to support collaborative efforts among NIST and many sources of security capabilities, including users and vendors of products and services, on holistic approaches to resolve cybersecurity challenges.
Approaches to resolving cybersecurity challenges will be addressed at the NCCoE through individual “use cases,” a standard tool used by software engineers to define specific function requirements of a system from the point of view of a user trying to accomplish a specific task. The “use cases” developed by NCCoE will incorporate the IT security needs of specific communities or sectors. Examples of candidate sectors include health care, finance and utilities. The cybersecurity challenges that will be the subject of the “use cases” will be selected by NIST through workshops with input from broad groups of stakeholders, as well as public feedback provided via collaborative internet participation. Collaborative participation may be accessed via links from
NCEP collaborators selected to participate in a given “use case” may contribute, but will not be required to contribute, resources in addition to those contributed through their NCEP agreement. However, priority participation in a “use case” will be granted only for resources relevant to the “use case” that are already onsite in the NCCoE and components that are interoperable with those onsite resources. Through their collaboration agreements with NIST/ITL, NCEP collaborators will agree that resources contributed to the NCCoE initiative will be available to all “use case” participants, as determined by NIST. Through individual “use case” consortium agreements, all “use case” participants, including NIST, NCEP collaborators and others, will agree that successful solutions to a NCCoE “use case” will be thoroughly documented and shared publicly, in order to encourage the rapid adoption of comprehensive cybersecurity templates and approaches that support automated and trustworthy e-government and e-commerce.
Each NCEP will be between NIST and a U.S. company. It is anticipated that NCEP agreements will be established for a three-year period, with renewal subject to the requirements and interests of the collaborator and NIST/ITL.
Interested U.S. companies are invited to submit a letter of interest that contains sufficient information for NIST/ITL to objectively determine whether the proposed collaboration is feasible, relevant to the NCCoE mission to foster the rapid adoption and broad deployment of integrated cybersecurity tools and techniques that enhance consumer confidence in U.S. information systems, and has potential to advance the state of cybersecurity practice. Companies whose proposed collaborations are determined by NIST/ITL to meet all three criteria will be invited to enter into negotiations for a cooperative research and development agreement (CRADA) with NIST/ITL. Companies whose letters of interest contain insufficient information for NIST/ITL to make a determination as to whether the proposed collaboration meets all three criteria, and companies whose proposed collaboration is determined by NIST/ITL not to meet all three criteria, will be notified in writing by NIST/ITL.