NCCoE Releases Final Practice Guide for the Financial Services Sector


Financial institutions deploy a wide array of information technology devices, systems, and applications across a wide geographic area. While these physical assets can be labeled and tracked using bar codes and databases, understanding and controlling the cybersecurity resilience of those systems and applications is a much larger challenge. Not being able to track the location and configuration of networked devices and software can leave an organization vulnerable to security threats.

To address this cybersecurity challenge, NIST's National Cybersecurity Center of Excellence (NCCoE) security engineers developed an example solution that allows an organization to centrally monitor and gain deeper insight into their entire IT asset portfolio with an automated platform. Using open source and commercially available technologies, this example solution addresses questions such as "What operating systems are our laptops running?" and "Which devices are vulnerable to the latest threat?"

The final practice guide, which incorporates comments from the public and other stakeholders, is available for download in PDF or web viewing.