NIST Invites Institutions to Join National Cybersecurity Excellence Partnerships

On October 19, 2012, the National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) posted a Federal Register Notice inviting interested U.S. companies to submit letters of interest in collaborating with NIST/ITL on an ongoing basis in the National Cybersecurity Center of Excellence (NCCoE) through partnerships called “National Cybersecurity Excellence Partnerships” (NCEPs). Letters of interest will be accepted on an ongoing basis. However, if NIST determines that letters of interest will no longer be accepted, NIST will publish the last date when letters will be accepted in a Federal Register notice. Interested U.S. companies should send letters to Karen Waltermire via email at NCCoE@nist.gov; or via hardcopy to NCCoE, National Institute of Standards and Technology; 100 Bureau Drive; MS 2000; Gaithersburg, MD 20899.

The NCCoE, hosted by NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE’s mission is to bring together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real world needs of complex Information Technology (IT) systems. By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE strives to enhance trust in U.S. IT communications, data, and storage systems, lower risk for companies and individuals in the use of IT systems, and encourage development of innovative, job-creating cybersecurity products and services.

As part of the NCCoE initiative, NIST/ITL intends to enter into partnerships, called “National Cybersecurity Excellence Partnerships” (NCEPs), with U.S. companies to collaborate on an ongoing basis in the NCCoE. Collaboration agreements will be based upon the statutory technology transfer authorities available to NIST, including the Federal Technology Transfer Act, 15 U.S.C. § 3710a. NIST/ITL intends that NCEP collaborators will co-locate with ITL at the NCCoE at 9600 Gudelsky Drive Rockville, MD 20850 and will contribute to the development of the intellectual and physical infrastructure needed to support collaborative efforts among NIST and many sources of security capabilities, including users and vendors of products and services, on holistic approaches to resolve cybersecurity challenges.

Approaches to resolving cybersecurity challenges will be addressed at the NCCoE through individual “use cases,” a standard tool used by software engineers to define specific function requirements of a system from the point of view of a user trying to accomplish a specific task. The “use cases” developed by NCCoE will incorporate the IT security needs of specific communities or sectors. Examples of candidate sectors include health care, finance and utilities. The cybersecurity challenges that will be the subject of the “use cases” will be selected by NIST through workshops with input from broad groups of stakeholders, as well as public feedback provided via collaborative internet participation. Collaborative participation may be accessed via links from http://nccoe.nist.gov/. Opportunities to participate in individual “use cases” will be announced in the Federal Register and will be open to the public on a first-come, first-served basis. NIST/ITL envisions that the NCCoE will be capable of supporting multiple simultaneous “use cases” in various stages. NCEP collaborators will neither be obligated to participate in a given “use case,” nor will they be guaranteed participation in a given “use case,” but they will be given priority for participation in each “use case” only for their resources that are already onsite at the NCCoE and for components that are interoperable with those onsite resources, within the process defined for that “use case” as announced in the Federal Register.

NCEP collaborators selected to participate in a given “use case” may contribute, but will not be required to contribute, resources in addition to those contributed through their NCEP agreement. However, priority participation in a “use case” will be granted only for resources relevant to the “use case” that are already onsite in the NCCoE and components that are interoperable with those onsite resources. Through their collaboration agreements with NIST/ITL, NCEP collaborators will agree that resources contributed to the NCCoE initiative will be available to all “use case” participants, as determined by NIST. Through individual “use case” consortium agreements, all “use case” participants, including NIST, NCEP collaborators and others, will agree that successful solutions to a NCCoE “use case” will be thoroughly documented and shared publicly, in order to encourage the rapid adoption of comprehensive cybersecurity templates and approaches that support automated and trustworthy e-government and e-commerce.

Each NCEP will be between NIST and a U.S. company. It is anticipated that NCEP agreements will be established for a three-year period, with renewal subject to the requirements and interests of the collaborator and NIST/ITL.

Interested U.S. companies are invited to submit a letter of interest that contains sufficient information for NIST/ITL to objectively determine whether the proposed collaboration is feasible, relevant to the NCCoE mission to foster the rapid adoption and broad deployment of integrated cybersecurity tools and techniques that enhance consumer confidence in U.S. information systems, and has potential to advance the state of cybersecurity practice. Companies whose proposed collaborations are determined by NIST/ITL to meet all three criteria will be invited to enter into negotiations for a cooperative research and development agreement (CRADA) with NIST/ITL. Companies whose letters of interest contain insufficient information for NIST/ITL to make a determination as to whether the proposed collaboration meets all three criteria, and companies whose proposed collaboration is determined by NIST/ITL not to meet all three criteria, will be notified in writing by NIST/ITL.

For further information, please contact Karen Waltermire via email at NCCoE@nist.gov; or telephone 301-975-4500.