How We Work

At the NCCoE, we bring together experts from industry, government, and academia to address real-world needs for securing complex IT systems and protecting the nation’s critical infrastructure.  Together, we generate technical descriptions of the problems and map the desired solution to NIST and industry standards and best practices.  Along the way we seek comments from the public to make the problem descriptions as broadly applicable as possible and invite technology vendors to collaborate with us. 

Define

We define a scope of work with industry to solve a pressing cybersecurity challenge. 

Business person expressing opinions to junior and senior colleagues in conference room

We invite members of the community to talk about their challenges, ask questions, and listen to understand the challenge at hand. During this phase, we publish a draft project description for public comment. We adjudicate the comments and publish a final version to our website that outlines the cybersecurity challenge along with a draft architecture.  

Assemble

We assemble teams of industry organizations, government agencies, and academic institutions to address all aspects of a cybersecurity challenge. 

Business person expressing opinions to junior and senior colleagues in conference room

We release a Federal Register Notice to announce the opportunity to collaborate and explain what capabilities we are looking for. Potential collaborators respond with a completed Letter of Interest (LOI). Submitted LOIs are accepted on a first-come basis. When the collaborators join our build team, they sign a Cooperative Research and Development Agreement (CRADA) to provide their commercially-available product and their expertise.  All our work is open, transparent, publicly accessible, and informed by both the general public and technology providers. 

Build

A photo of NCCoE Engineers working in the Healthcare lab.

We build a practical, usable, repeatable implementation to address the cybersecurity challenge. During this phase, a reference architecture is finalized. The collaborators provide support to install and configure their technologies and then they provide support throughout the build to address issues, such as interoperability. 

Keys to Our Success

Every step of our approach to creating practical cybersecurity solutions includes the following three key elements: 

Collaborate
The NCCoE relies on regular, robust collaboration with experts and innovators from various sectors in addition to the broader technology community to help us best identify and address businesses’ most pressing cybersecurity challenges.

Document
The NCCoE, which documents its work across mediums such as the NIST Special Publication 1800 series, industry-specific cybersecurity papers, videos, and interactive guides; also maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to recreate example solutions in part or in full.

Advocate and Educate
Promoting what we do and how we do it, and teaching others ways to improve their cybersecurity posture, is foundational to everything we do at the NCCoE.