FCW’s Zero Trust Workshop

Tuesday, May 19, 2020

The NCCoE’s Alper Kerman will participate in Federal Computer Week’s virtual half-day Zero Trust Workshop where he will provide updates on the NCCoE’s latest project, Implementing a Zero Trust Architecture. This event will feature cyber leaders from government and industry who will describe their moves toward zero trust, the challenges of adapting existing systems and operations, and the benefits early adopters are seeing as attacks continue to multiply.

Zero Trust Architecture Technical Exchange Meeting

Wednesday, November 13, 2019 to Thursday, November 14, 2019

The NIST National Cybersecurity Center of Excellence (NCCoE) and the Federal CIO Council hosted a two-day Technical Exchange Meeting on Zero Trust Architectures on November 13-14, 2019.

Over the past year, NIST NCCoE cybersecurity researchers have had the opportunity to work closely with the Federal CIO Council, federal agencies, and industry to address the challenges and opportunities for implementing zero trust architectures across U.S. government networks. This work has resulted in publication of draft NIST Special Publication (SP) 800-207, Zero Trust Architecture. Through this event, we built on previous work and took steps to further strengthen relationships among industry and government to address gaps and advance the state of readiness of zero trust architectures.

Meeting Goals

Through collaboration with this community, the NCCoE and the Federal CIO Council:

  • provided a forum for critical decision makers and stakeholders to enumerate zero trust cybersecurity requirements and challenges for federal networks/systems
  • shared current successes, best practices, and lessons learned in implementing zero trust in the federal government and the commercial sector
  • provided a setting for government and industry to connect, network, and share big-picture federal needs and ideas around zero trust in a “no sales pitch” environment
  • gathered feedback from key zero trust stakeholders on current NIST efforts in NIST SP 800-207, Zero Trust Architecture, and areas where NIST and the Federal CIO Council are best suited to support zero trust efforts moving forward


The following presentations were given during the two-day event:

Workshop on Cybersecurity Online Informative References

Tuesday, December 3, 2019

The National Institute of Standards and Technology (NIST) invites you to attend a Cybersecurity Online Informative Reference (OLIR) workshop which will be held on December 3rd, 2019, at the National Cybersecurity Center of Excellence.

NIST invites industry subject matter experts and early adopters to share their views of the OLIR program, discuss potential opportunities and challenges affecting authoritative cybersecurity data-mapping, and offer industry-recommended practices for correlating cybersecurity-related data.


The purpose of this NIST OLIR cybersecurity workshop is to present the NIST Cybersecurity Online Informative References Program, the reference data currently and potentially generated for the repository, highlight the work of early adopters, identify existing industry recommended practices for correlating cybersecurity-related data, and understand potential opportunities and challenge areas affecting authoritative cybersecurity data-mapping. The findings from the workshop will inform the development of the OLIR reference repository and NIST guidance for the use and adoption of these data resources.

The three main drivers for the OLIR program are also its primary objectives: 1) to apply greater scientific and mathematical rigor to cybersecurity guidance, 2) to create an integrated and actionable NIST guidance reference resource inclusive of maintained data sources, and 3) to integrate NIST-supported United States Government (USG) legislative and administrative project responsibilities. By achieving these main drivers, the program creates a more standards-based, consumable reference set of NIST guidance as related to itself and other government, industry, and academia-produced cybersecurity products, guidance, services, and education.


At its core, the OLIR program provides a forum and format for cybersecurity subject matter experts to make mathematics and logic-based relationship assertions between their framework, document, or product and the Cybersecurity Framework (CSF) in a simple format defined by NIST Interagency Report (IR) 8204, Cybersecurity Framework Online Informative References (OLIR): Specification for Completing the OLIR Template, which was established to provide guidance to Informative Reference developers for completing and submitting Informative References for inclusion within the OLIR catalog.

At the workshop, NIST will introduce the OLIR program and the associated processes and procedures documented within NISTIR 8204 as well as highlight existing Informative Reference data within the OLIR catalog from early adopters. NIST will gather feedback regarding the current instructions and definitions detailed within the NISTIR and use this information to mature the evolution of the OLIR catalog and current and future guidance. 

Questions about the workshop should be sent to:

Registration is Open

To register for this free workshop, please complete this short form by November 26th, 2019.  The workshop will be limited to 100 registrants.

For our international visitors, registration is suggested as soon as possible to allow for the registration process. Please download the file and fax the hard copy to (301-975-8670). Once the form has been faxed, email to confirm receipt.



Date: Tuesday, December 3rd, 2019

Time: 9:30 a.m. – 12:00 p.m.

Location: National Cybersecurity Center of Excellence, 9700 Great Seneca Hwy, Rockville, MD 20850


8:30am – 9:00am Check-in, NCCoE Lobby
9:00am – 9:10am Welcome & Introduction to NIST
9:10am – 9:50am Online Informative Reference (OLIR) Program Briefing & Website Demonstration
9:50am – 10:10am Program Briefing Q & A
10:10am – 10:25am
10:25am – 11:15am Technical Panel - Perspective from OLIR Program Early Adopters Panelists
11:15am – 12:05pm Industry Panel - Perspective from Industry Partners Panelists
12:05pm – 12:30pm Closing Remarks and Q&A

End of Workshop

Information Protection and Data-Centric Security Management: Data Classification Workshop

Thursday, October 24, 2019

The purpose of this workshop is to discuss the challenges and opportunities with data classification in the context of data management and information protection to support various business use cases. The outcome of the workshop will help the National Institute of Standards and Technology (NIST) develop a National Cybersecurity Center of Excellence (NCCoE) demonstration project that may be divided into multiple phases to support the full life cycle of managing information security at the data level and demonstrating compliance. We recognize that policies and controls are necessary to secure the data, but the initial scope of this project will focus on classification.


Data Classification

There are a few NIST guidelines and practices for data security, but data classification—a key foundational element—is not well defined. Data classification is a mechanism to help organizations determine the type of data, its criticality with respect to a categorization schema, the adequate access level, and the level of protection.

Data classification is an activity that is often overlooked, and there is limited guidance available covering taxonomy, methodology, and practical approaches to help organizations discover, classify, and label data. Several challenges related to data discovery and classification are driven by the fact that:

  • Data is everywhere—on devices (e.g., laptops, desktops, mobile) and in applications running in an on-premise and/or outsourced environment, and/or in the cloud.
  • Relying on end users to identify and classify is error prone and often incomplete.
  • There is a lack of common definitions and understanding of classifiers, which results in the same information potentially being classified and labeled in a contradictory manner.
  • There is a lack of persistent labels in the information that are interoperable across various vendor technology clients and tamper detectable.
  • There are inconsistent global standards across technologies and industries.

About the Workshop

During the workshop, NIST will present a summary of existing and ongoing work related to data classification, data security, data-centric threat modeling, and zero-trust architecture. Next, industry and other parties will present their views of the challenges in data discovery and classification, and recommended approaches and practices to address the challenges with managing the security of the data throughout its lifecycle driven by the business use cases to support the organizations’ mission. NIST welcomes input from workshop participants on all aspects of the planned NCCoE demonstration project, including the proposed scope, use cases, technologies to be considered, and sources of specifications and guidance. NIST will use the findings and feedback received from the workshop to develop a project description that will be released for public review. Then, NIST will solicit organizations to directly collaborate on the technical project and development of its outputs.

A final agenda is coming soon.

Register Today!

The workshop is free and open to the public; however, advance registration is required. Please complete this short form by October 21, 2019.

For our international visitors, registration is suggested no later than October 17, 2019, to allow for the registration process. Please download this file and fax the hard copy to 301-975-0321. Once the form has been faxed, email to confirm receipt.


Date/Time: Thursday, October 24, 2019. Check-in begins at 8:30 a.m. The formal program begins at 9 a.m. and concludes at 1 p.m.

Location: NCCoE, 9700 Great Seneca Highway, Rockville, Maryland 20850

Dress: Business Casual

Note: This is not a virtual event. You must join us in person at the NCCoE to attend this event.

Questions? Please email your questions to

Workshop on 5G Cybersecurity: Preparing a Secure Evolution to 5G

Thursday, October 10, 2019


Workshop Objectives 

The National Institute of Standards and Technology (NIST) hosted a workshop on 5G cybersecurity, open to the public, on October 10, 2019, at the National Cybersecurity Center of Excellence (NCCoE). The purpose of the workshop was to explore the practical and implementable cybersecurity capabilities delivered by 5G systems, identify existing industry recommended practices for securing the supporting infrastructure and technologies, and understand potential opportunities and challenge areas affecting this evolution to 5G. The findings from this workshop will inform the development of potential NCCoE demonstration projects to leverage 5G cybersecurity capabilities and supporting technologies to protect the cellular communication network in addition to securing core 5G underlying infrastructure and services.


As 5G technology is deployed in our nation and across the world, there is great promise of positive change in the way humans and machines communicate, operate, and interact in the physical and virtual world. With cellular technology becoming the primary way devices are connected, it is imperative for organizations to understand and address the risks associated with the use of these technologies. As industry embarks on ubiquitous 5G deployments, there are opportunities to take advantage of the various cybersecurity technologies and capabilities that are available today. 5G introduces the concept of a Service Based Architecture for the first time in cellular networks. This design has fundamental impacts on the way network services are created and how the individual Network Functions communicate – not only is the core network decomposed into smaller functional elements, the communication between these elements is also expected to be more flexible, routed via a common service bus and deployed using virtualization technologies. It is envisioned that 5G network components are deployed on a hyper scalable containerized and virtualized infrastructure. While this is not the only approach for 5G deployments, this infrastructure is a fundamental building block of 5G that operators and manufacturers can adopt to meet customers’ demand of modern use cases. Secure deployment of the core network and radio access network services on cloud-like infrastructure constitutes a foundational element of both commercial and private 5G networks.

During the workshop, NIST introduced some notional ideas of a high-level reference architecture, supporting components of 5G deployments, and a proposed preliminary approach for gathering the existing cybersecurity guidance to develop practical practices that can be instantiated as potential NCCoE demonstration projects.

NIST invited industry subject matter experts and practitioners to present their views related to cellular security enhancements, deployment challenges and opportunities introduced with new service-based architecture of 5G technology, as well as proposed solutions. The workshop provided an opportunity for participants to share ideas about this work related to the evolution to 5G networks to include technologies and best practices that will be critical to a successful and secure deployment and operation of the network. Workshop participants also provided feedback on all aspects of the planned activities to include: relevant standards, guidelines, best practices, use cases and technologies to be considered, and sources of specifications and guidance. NIST is using the resulting prioritized list of activities to help accelerate the demonstration of the next generation cellular networks along with their supporting technologies that can be deployed and operated securely by default.


The following presentations were given during the workshop:

- NCCoE Overview - See the agenda & presentation

- Cisco - See the presentation

- Intel - See the presentation

- Nokia - See the presentation

- T-Mobile - See the presentation


Questions? Please send an email to



Cyber Supply Chain Risk Management (C-SCRM): Validating the Integrity of Server and Client Devices

Tuesday, September 10, 2019

NIST’s NCCoE is developing a demonstration project to identify the perceived issues and challenges in supply chain assurance. When a device’s supply chain is compromised, the security of that computer device can no longer be trusted, whether it is a laptop, desktop or server. A primary focus of the workshop and subsequent NCCoE demonstration project is to explore methods by which organizations can verify that their purchased computing devices’ internal components are genuine and have not been altered during the manufacturing and distribution process or after sale from a retailer. During the workshop, NIST will present its preliminary plans for this project and subject matter experts in the field will present on their views of the challenges in supply chain assurance and/or enabling technologies and best practices to address perceived challenges. The resulting project hopes to also verify that components have not been tampered with or otherwise modified through the retirement of the computing device.

NIST explicitly solicits input from workshop participants on all aspects of the planned NCCoE demonstration project including the proposed scope, use cases and technologies to be considered, and sources of specifications and guidance. Once the project description is finalized, NIST will solicit organizations to directly collaborate in the technical project and the development of its outputs.

We would like to welcome you to subscribe to our community of interest mailing list where we will announce future updates and events on our project. To receive periodic updates about the process and opportunities to engage, subscribe to NIST’s NCCoE Supply Chain Assurance community of interest here.


Workshop Agenda (subject to change)

8:30 - 9:00 a.m. Check-In, NCCoE Lobby
9:00 - 9:15 a.m. Safety Brief / Intro to NCCoE
9:15 - 9:30 a.m. Cyber Supply Chain Risk Management Overview
9:30 - 9:45 a.m. NCCoE Project Description Overview
9:45 - 9:55 a.m. Trusted Computing Architecture
9:55 - 10:10 a.m. Break
10:10 - 11:35 a.m. Industry Session with invited speakers from:

Hewlett Packard, Inc.

Hewlett Packard Enterprise

Eclypsium, Inc.

11:35 a.m. - 12:05 p.m. Industry Panel Q&A
12:05 - 12:30 p.m. Wrap-up

Questions about the workshop should be sent to:


The following presentations from the industry day have been approved for public release.



Hewlett Packard, Inc.

Hewlett Packard Enterprise



Eclypsium, Inc.

Trusted Computing Group



Mark Boucher, Intel

Mark Boucher is the chief architect for Compute Lifecycle Assurance at Intel. He has more than 15 years of Supply Chain software and process experience, and has been architecting large-scale enterprise solutions for the past decade.


Jim Mann, Hewlett Packard, Inc.

Jim Mann is an HP Distinguished Technologist and Security Strategist in the Office of the Chief Engineer.  He leads the company’s product security quality and governance, talent management and education, serves as a key technical resource for HP business units in bringing secure products to market, and is a co-lead for HP’s Supply Chain Risk Management Compliance Function.  Mann is active in numerous industry consortia activities and private-public forums related to security, and serves on the Board of Directors and as a co-chair of the Cyber Resilient Technology Workgroup for the Trusted Computing Group.  He was also a technical contributor to NIST SP 800-147/B (now ISO 19678) and SP 800-193, was a co-author on the Open Group Trusted Technology Provider Standard (now ISO 20243), and is participating in the DHS ICT Supply Chain Risk Management Task Force.


Jon Amis, Dell Technologies, Inc.

Jon Amis is the Supply Chain Assurance Program Director for Dell Technologies, Inc. and has had the responsibility for the development of the Dell program for ten years. He has served in various roles at Dell over the past 19 years within Manufacturing Engineering, Supply Chain and Logistics. Jon currently represents Dell on several key public-private partnerships and industry forums that focus on the integrity, security, and assurance aspects of supply chain risk management, to include the Department of Homeland Security (DHS) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, The Open Group Trusted Technology Forum, the Supply Chain Risk Leadership Council (SCRLC), and the Software and Supply Chain Assurance Forum (SSCA).

Jon graduated from the United States Military Academy at West Point in 1990 with a Bachelor of Science degree in Systems Engineering and went on to serve as an Infantry Platoon Leader and Executive Officer with the 101st Airborne Division.  After leaving the Army, he earned a Master of Engineering degree with Highest Honors in Industrial Engineering at the University of Louisville.  Prior to joining Dell, he was an engineer for FedEx Ground.  Jon lives with his wife, Lori, and their two children just north of Nashville, Tennessee.  


CJ Coppersmith, Hewlett Packard Enterprise

CJ Coppersmith is presently driving secure development lifecycle and maturity assessment methodology, as well as security architectural standards and compliance, and vulnerability analysis and response across HPE. Previously Coppersmith drove HPE development environment, SOA and Linux strategy for the corporation.

Coppersmith brings over 30 years in the IT industry, covering security, various aspects of development operations, and technology incubation. Coppersmith was CTO for Compaq’s Alpha Division, leading the J2EE and middleware strategy for the division. While working for Digital Equipment Corporation, he worked as the Technical Point of Contact between Digital and the National Computer Security Center, and was certified as a Vendor Security Analyst (VSA) by the Center. He led several NCSC Operating System Security Evaluations as well as leading several overall operating system releases.

Coppersmith holds Bachelor of Science degrees in Biology and Chemistry from Allegheny College and the University of Pittsburgh, respectively, and a Master of Science degree in Computer Systems Engineering from Northeastern University.


Chirag Shroff, Cisco Systems, Inc.

Chirag Shroff is a Principal Engineer with Cisco's Security and Trust Organization where Trustworthy Technologies are at the heart of his work. As principal engineer, Mr. Shroff is responsible for Trustworthy Systems architecture and technology innovation, including threat response, intelligence and engineering development that enhances the security of Cisco's product portfolio.

Mr. Shroff has held various leadership roles at Cisco as a senior technical leader and hardware manager, encompassing the fields of global government solutions engineering, hardware assurance and resilient systems architecture. During his 19 years at Cisco, he has made a tremendous impact on security engineering. Mr. Shroff is highly regarded as a trusted security partner and advisor to Cisco product teams, global government standards organizations, and worldwide key technology suppliers. His passion, talent, and dedication to innovation have resulted in several security and networking patents.

He holds a Master of Science degree in Electrical Engineering from California State University, Northridge and a Bachelor of Science degree in Computer Engineering from the Gujarat University, India.


Monty A. Forehand, Seagate Technology

Monty Forehand is Product Security Officer and Managing Technologist of the Product Security Office at Seagate, leading the security assurance of products, operations, and life-cycle across all Seagate business lines. He has held a variety of leadership positions in Embedded System Architecture, Security and VLSI Architecture, Security Portfolio Delivery, Research, Technology, and Architecture over a 29-year career at Seagate.

Forehand is a frequent industry and government speaker and a pioneer in the secure storage industry leading the delivery of the world’s first fully integrated Self Encrypting Drive (SED), and other firsts including security and Cybersecurity in all Seagate Products, Worldwide Security Standards, Certified Security Products and Certified Life-Cycle. He continues leading the proliferation of Seagate Secure, Data Security, and a Trusted Digital Life Cycle worldwide, and into the Digital Transformation, IT 4.0, and the Edge.

Forehand holds master’s and bachelor’s degrees from Oklahoma State University in electrical and computer engineering, with emphasis on artificial intelligence.  He holds 26 patents in the areas of Machine Vision, Electronics Systems, Storage Virtualization, and Embedded Security and is a two-time recipient of the Seagate Technology Hall of Fame Award along with the top technology achievement award.


John Loucaides, Eclypsium Inc.

John has extensive history in hardware and firmware threats from experience at Intel and the United States government. At Intel he served in Advanced Threat Research, Platform Armoring and Resiliency, PSIRT, and was a CHIPSEC maintainer. Prior to this, he was Technical Team Lead for Specialized Platforms for the federal government. He has presented and given training on firmware security at multiple events including DEFCON, CanSecWest, Ruxcon, and other security conferences.


Lawrence Reinert, Department of Defense

Lawrence Reinert is a senior systems engineer with the Department of Defense actively involved with open source projects dealing with device integrity. Many of those projects have utilized the Trusted Computing Group (TCG) defined supply chain artifacts. As a member of the Infrastructure Working Group, Lawrence has been working with the TCG to provide standards-based methods to help mitigate supply chain risk and to promote confidence in procurement.


Registration is closed.

Thank you for your interest in the event! Registration has reached capacity, and is now closed.



Tuesday, September 10, 2019 8:30 a.m. – 12:30 p.m.

The NCCoE, 9700 Great Seneca Hwy, Rockville, MD 20850

Security for IPv6 Enabled Enterprises

Thursday, June 13, 2019

The NCCoE hosted a workshop on Security for IPv6 Enabled Enterprises on Thursday June 13, at 8:30 a.m. in Rockville, MD.

NIST’s NCCoE is developing a project plan to examine and demonstrate the state of security technologies and guidance specifications for IPv6 enabled enterprises. A primary focus of the workshop and subsequent NCCoE demonstration project is to examine the extent to which current commercially available security technologies can support wide scale deployment and use of IPv6 in a range of enterprise use case scenarios. Initially the project will focus on dual-stack deployments and then, in subsequent follow-on efforts, on IPv6-only deployments. Another focus of the proposed proof-of-concept project will be to exercise and evaluate existing IPv6 security guidance from NIST and the Internet Engineering Task Force. It is anticipated that outcomes of the project will inform updates to future NIST guidelines and recommendations.

NIST explicitly solicits input from workshop participants on all aspects of the planned NCCoE demonstration project including the proposed scope, use cases and technologies to be considered, and sources of specifications and guidance. Once the project description is finalized, NIST will solicit organizations to directly collaborate in the technical project and the development of its outputs.

For more information on the workshop, see the call for participation.


View the presentations given during the workshop:

- Kevin Stine, NIST, Introduction to NIST

- Doug Montgomery, NIST, Identifying and Removing Barriers to IPv6 Development

- Dawn Bedard, Microsoft, Microsoft Corporate Network: Journey to IPv6

- Col. Keith Repik, Department of Defense, IPv6 Context and Way Ahead

- Lee Howard, Retevia, IPv6 Motivations and Obstacles

- John Burns, Wells Fargo, IPv6 Adoption at a Large Enterprise


Thursday, June 13, 2019


8:30-9:00 Check-in, NCCoE Lobby
9:00-9:15 Welcome & Introduction to NCCoE, Kevin Stine, NIST
9:15-9:30 Identifying and Removing Barriers to IPv6 Development, Doug Montgomery, NIST
9:30-10:45 Enterprise Challenges
  - IPv6 Motivations and Obstacles, Lee Howard, Retevia
  - IPv6 Adoption at a Large Enterprise, John Burns, Wells Fargo
10:45-11:00 Break
11:00-12:00 Enterprise Challenges
  - Microsoft Corporate Network: Journey to IPv6, Dawn Bedard, Microsoft
  - DoD IPv6 Context and Way Ahead, Col. Keith Repik, Department of Defense
12:00-12:15 Break
12:15-1:00 Breakout Sessions – Identifying Barriers to Deployment
1:00-1:30 Readouts, Next Steps
1:30 Formal Program Ends
2:30-3:30 *Optional: Informal Discussion with NCCoE Regarding Potential Project Scoping and Collaborations


The NCCoE is located at:
9700 Great Seneca Hwy
Rockville, MD 20850


Mitigating IoT-Based DDoS Industry Day

Wednesday, April 10, 2019

Members of the Mitigating IoT-Based DDoS project team held an Industry Event on April 10, 2019, at the NCCoE. Thanks to everyone who joined us to learn firsthand about the important work the team is doing to strengthen the security of IoT. The presentations below were given at the Industry Day event. 


To stay current on our progress, join the Mitigating IoT-DDoS project's Community of Interest by sending an email to:

Security Workshops at Intermountain, Park City, UT

Tuesday, April 24, 2018 to Wednesday, April 25, 2018

Join the NCCoE for a series of events hosted by NH-ISAC & Intermountain Healthcare. Attendees will have a chance to collaborate with other healthcare providers, medical device manufacturers and payers in a series of free interactive forums. NCCoE staff will take part in Collaboration with Health Systems and Ongoing Initiatives at the NCCoE from 11:10 am to 11:40 am on April 20. To view a full agenda, visit the NH-ISAC site.

CXO Roundtable: Industrial Control Systems (ICS) Cybersecurity Challenges

Wednesday, June 27, 2018

The National Cybersecurity Center of Excellence (NCCoE) invites you to join us on Wednesday, June 27, 2018, from 9 am - 12 pm for a CXO Roundtable to share your thoughts on the challenges and potential solutions around malware and industrial IoT (IIoT) for sectors that depend on ICS for their core operations.

This roundtable will consist of a dozen stakeholders across industry, government, and academia to encourage highly interactive dialogues–giving each individual an opportunity to share his or her thoughts on ICS cybersecurity challenges and to showcase his or her expertise in helping solve those challenges.

The discussion will be broken into two parts and will focus on two key questions:

  • What do you consider to be the crux of the challenge in securing ICS given the increasing prevalence of industrial IoT and malware?
  • From an ICS cybersecurity technology or solutions standpoint, what do you believe can be useful or relevant to address these challenges, and what do you consider to be overstated?

What to expect:

  • Collaborative engagement with problem solvers, innovators, and thought leaders
  • Dynamic exchange on today’s cybersecurity challenges
  • Insightful conversation on physical, operational, and information technologies

Seating is limited. Register today.

Host: Jim McCarthy, Energy Program Lead, National Cybersecurity Center of Excellence
Moderator: Pete Tseronis, Former Chief Technology Officer at U.S. Departments of Energy and Education
Cost: This workshop is complimentary. Coffee and light snacks will be provided.