The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology invites vendors of technologies for identity and access management to address cybersecurity challenges in the electric power sector in collaboration with the NCCoE.
This effort will respond to the problem described in the NCCoE use case, “Identity and Access Management,” which was posted for public comment in July 2013 and has been revised according to that feedback. In summary, to protect power generation, transmission and distribution, energy companies need to be able to control physical and logical access to their resources, including buildings, equipment, information technology, and industrial control system networks and systems. They need to be able to authenticate the individuals and systems to which they are giving access rights with a high degree of certainty. In addition, energy companies need to be able to enforce access control policies (e.g., allow, deny, inquire further) consistently, uniformly and quickly across resources.
The NCCoE published a notice in last Tuesday's issue of the Federal Register that describes the process for companies to request a template for a letter of interest, which outlines their proposed contributions. Companies that are selected to participate will enter into a cooperative research and development agreement (CRADA; see an example) with NIST.
To learn more about the product capabilities that the NCCoE seeks to apply to the Identity and Access Management use case for the energy sector, see the Federal Register notice.