The NCCoE’s Identity and Access Management use case for the energy sector is now in the build phase. The focus of this project is to help energy company security personnel control physical and logical access to their resources, authenticate with certainty the individuals and systems that have access rights, and enforce access control policies effectively across resources.
In the Lab
In NCCoE Lab 2, senior security engineer Jim McCarthy has been overseeing the installation of secure operating system configurations and some of the project’s core products, and the team is beginning to install operational technology devices (a remote terminal unit).
Meanwhile, the project’s final build architecture was completed, as scheduled, on December 18, 2014 and presented to both the build team and the industry members who first identified this security issue.
The next milestone is to complete product installations by the end of January 2015.
These companies have signed cooperative research and development agreements with NIST. Under the terms of this agreement, vendors provide products and services to be used with this project.
- CA Technologies
- Mount Airey Group
- TDI Technologies
As with other NCCoE projects, this work will result in a publicly available NIST Cybersecurity Practice Guide, which gives members of the technology community the materials list, configuration settings and other information they need to replicate this standards-based approach for themselves.
As the project team progresses toward the practice guide, they will post interim architectures and other documents for your feedback.
Any mention of commercial products is for information only; it does not imply recommendation or endorsement by NCCoE or NIST.