Launch of NCCoE Medical Devices Use Case

Wednesday, December 17, 2014

The National Cybersecurity Center of Excellence (NCCoE) and the Technological Leadership Institute (TLI) at the University of Minnesota, in collaboration with members of the medical devices manufacturing and user community, have drafted a use case focused on the security of wireless medical infusion pumps. The two organizations will officially launch the new use case at an event on Thursday, December 18, 2014 in Minnesota. Gavin O’Brien, the NCCoE project leader for this use case, will attend, along with the leadership of the TLI and Minnesota Congressman Erik Paulsen. The use case will be available for public comment on the NCCoE website beginning on December 18.

7:30 - 9:00 a.m.

McNamara Alumni Center
University of Minnesota
200 SE Oak St
Minneapolis, MN 55414

There is no fee to attend. Please register at

Startup Maryland Bus at NCCoE

Tuesday, September 30, 2014

On Wednesday, October 1, 2014 from 9 to 11 a.m., the Startup Maryland bus will stop at NIST’s National Cybersecurity Center of Excellence and Institute for Bioscience and Biotechnology Research. Startup Maryland is a regional initiative to promote new business ventures. The Startup Bus is a mobile video studio where entrepreneurs can record pitches about their companies and products, which will be viewed and judged by potential investors. This stop will focus on the life sciences and cybersecurity. Learn more about the Startup Maryland bus and how to register to pitch your idea.

NCCoE Workshop on Software Asset Management

Wednesday, December 4, 2013

December 5, 2013
9 am - 3 pm

9600 Gudelsky Drive
Rockville, MD 20850

This workshop will review and conduct a deep dive into the Continuous Monitoring Software Asset Management (SAM) Building Block. The building block proposes techniques for meeting SAM challenges. SAM, as envisioned in this building block, requires a standardized approach that provides an integrated view of software throughout its lifecycle. Such an approach must support the following capabilities:

  1. Authorization and verification of software installation media  
  2. Software execution authorization 
  3. Publication of installed software inventory 
  4. Software inventory-based network access control 

The NCCoE and NIST Computer Security Division, in collaboration with Department of Homeland Security, General Services Administration, and National Security Agency, have developed a proposed building block. The authors encourage you to review the document prior to the workshop to facilitate building block discussion and the exchange of ideas.


This workshop is oriented to security researchers, security practitioners, system integrators, and other parties interested in developing solutions that address the following challenges: 

  • Verifying the identity of the software publisher providing installation media
  • Verifying that installation media is authentic and hasn’t been tampered with
  • Determining what software is installed and in use on a given endpoint device including legacy and end-of-life products
  • By process of elimination, determining software that is installed on an endpoint device that was not deployed using authorized mechanisms
  • Restricting execution of software that was not installed using authorized mechanisms. 
  • Identifying the presence of software flaws in installed software
  • Determining if patches are installed on an endpoint device or if additional patches need to be deployed to remedy software flaws


9:00-9:45 am
Overview of the National Cybersecurity Center of Excellence

9:45-10:15 am
Building Block overview and business drivers

Building Block deep dive

Noon–1:30 pm
Lunch on your own

1:30–3:00 pm
Q/A and next steps 

To confirm your attendance at this workshop send an email with your name, title, and organization to

Please download and review the building block document prior to the workshop.

Whether or not you attend the workshop, we welcome your comments. Send your feedback regarding this building block to


State and Local Government Cybersecurity Framework Kickoff

Wednesday, March 26, 2014

State and local CIOs and CISOs are invited to the National Cybersecurity Center of Excellence to learn about resources for the implementation of the Framework for Improving Critical Infrastructure Cybersecurity, Executive Order 13636. The Framework provides a structure that state and local governments can use to create, guide, assess or improve comprehensive cybersecurity programs.

The National Institute of Standards and Technology (NIST) released version 1.0 of the Framework on February 12, 2014. The release of the Framework marks the beginning of several areas of follow-on work to develop tools to help state and local governments implement the Framework, integrating and leveraging existing cyber efforts. The goal of this meeting is to lay out a plan of work for organizations assisting state and local government information officers and prioritize tasks for the coming year.

Join us at the NCCoE:

Thursday, March 27, 2014
8:00 a.m. to 12:30 p.m.

9600 Gudelsky Drive
Rockville, MD 20850

This event, which will also be available as a webinar, will include information about

To register, indicate whether you will view the webinar or attend in person, and email your name and affiliation to