19 October 2012
NIST RLI National Cybersecurity Center of Excellence
[Federal Register Volume 77, Number 203 (Friday, October 19, 2012)]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-25826]
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 120912441-2441-01]
National Cybersecurity Center of Excellence (NCCoE)
AGENCY: National Institute of Standards and Technology, Department of
SUMMARY: The National Institute of Standards and Technology (NIST)
Information Technology Laboratory (ITL) invites interested U.S.
companies to submit letters of interest in collaborating with NIST/ITL
on an ongoing basis in the National Cybersecurity Center of Excellence
(NCCoE) through partnerships called ``National Cybersecurity Excellence
DATES: Letters of interest will be accepted on an ongoing basis.
However, if NIST determines that letters of interest will no longer be
accepted, NIST will publish the last date when letters will be accepted
in a Federal Register notice.
ADDRESSES: Interested U.S. companies should send letters to Karen
Waltermire via email at NCCoE@nist.gov; or via hardcopy to NCCoE,
National Institute of Standards and Technology; 100
Bureau Drive; MS 2000; Gaithersburg, MD 20899.
FOR FURTHER INFORMATION CONTACT: Karen Waltermire via email at
NCCoE@nist.gov; or telephone 301-975-4500. For additional information
on NCCoE governance, business processes, and operational structure,
visit the NCCoE Web site, at http://csrc.nist.gov/nccoe.
SUPPLEMENTARY INFORMATION: The NCCoE, hosted by NIST, is a public-
private collaboration for accelerating the widespread adoption of
integrated cybersecurity tools and technologies. The NCCoE's mission is
to bring together experts from industry, government, and academia under
one roof to develop practical, interoperable cybersecurity approaches
that address the real world needs of complex Information Technology
(IT) systems. By accelerating dissemination and use of these integrated
tools and technologies for protecting IT assets, the NCCoE strives to
enhance trust in U.S. IT communications, data, and storage systems,
lower risk for companies and individuals in the use of IT systems, and
encourage development of innovative, job-creating cybersecurity
products and services.
As part of the NCCoE initiative, NIST/ITL intends to enter into
partnerships, called ``National Cybersecurity Excellence Partnerships''
(NCEPs), with U.S. companies to collaborate on an ongoing basis in the
NCCoE. Collaboration agreements will be based upon the statutory
technology transfer authorities available to NIST, including the
Federal Technology Transfer Act, 15 U.S.C. 3710a. NIST/ITL intends that
NCEP collaborators will co-locate with ITL at the NCCoE at 9600
Gudelsky Drive Rockville, MD 20850 and will contribute to the
development of the intellectual and physical infrastructure needed to
support collaborative efforts among NIST and many sources of security
capabilities, including users and vendors of products and services, on
holistic approaches to resolve cybersecurity challenges.
Approaches to resolving cybersecurity challenges will be addressed
at the NCCoE through individual ``use cases,'' a standard tool used by
software engineers to define specific function requirements of a system
from the point of view of a user trying to accomplish a specific task.
The ``use cases'' developed by NCCoE will incorporate the IT security
needs of specific communities or sectors. Examples of candidate sectors
include health care, finance and utilities. The cybersecurity
challenges that will be the subject of the ``use cases'' will be
selected by NIST through workshops with input from broad groups of
stakeholders, as well as public feedback provided via collaborative
internet participation. Collaborative participation may be accessed via
links from http://nccoe.nist.gov/. Opportunities to participate in
individual ``use cases'' will be announced in the Federal Register and
will be open to the public on a first-come, first-served basis. NIST/
ITL envisions that the NCCoE will be capable of supporting multiple
simultaneous ``use cases'' in various stages. NCEP collaborators will
neither be obligated to participate in a given ``use case,'' nor will
they be guaranteed participation in a given ``use case,'' but they will
be given priority for participation in each ``use case'' only for their
resources that are already onsite at the NCCoE and for components that
are interoperable with those onsite resources, within the process
defined for that ``use case'' as announced in the Federal Register.
NCEP collaborators selected to participate in a given ``use case''
may contribute, but will not be required to contribute, resources in
addition to those contributed through their NCEP agreement. However,
priority participation in a ``use case'' will be granted only for
resources relevant to the ``use case'' that are already onsite in the
NCCoE and components that are interoperable with those onsite
resources. Through their collaboration agreements with NIST/ITL, NCEP
collaborators will agree that resources contributed to the NCCoE
initiative will be available to all ``use case'' participants, as
determined by NIST. Through individual ``use case'' consortium
agreements, all ``use case'' participants, including NIST, NCEP
collaborators and others, will agree that successful solutions to a
NCCoE ``use case'' will be thoroughly documented and shared publicly,
in order to encourage the rapid adoption of comprehensive cybersecurity
templates and approaches that support automated and trustworthy e-
government and e-commerce.
Each NCEP will be between NIST and a U.S. company. It is
anticipated that NCEP agreements will be established for a three-year
period, with renewal subject to the requirements and interests of the
collaborator and NIST/ITL.
Interested U.S. companies are invited to submit a letter of
interest that contains sufficient information for NIST/ITL to
objectively determine whether the proposed collaboration is feasible,
relevant to the NCCoE mission to foster the rapid adoption and broad
deployment of integrated cybersecurity tools and techniques that
enhance consumer confidence in U.S. information systems, and has
potential to advance the state of cybersecurity practice. Companies
whose proposed collaborations are determined by NIST/ITL to meet all
three criteria will be invited to enter into negotiations for a
cooperative research and development agreement (CRADA) with NIST/ITL.
Companies whose letters of interest contain insufficient information
for NIST/ITL to make a determination as to whether the proposed
collaboration meets all three criteria, and companies whose proposed
collaboration is determined by NIST/ITL not to meet all three criteria,
will be notified in writing by NIST/ITL.
Dated: October 12, 2012.
Willie E. May,
Associate Director for Laboratory Programs.
[FR Doc. 2012-25826 Filed 10-18-12; 8:45 am]
BILLING CODE 3510-13-P