Vendors Sought to Develop Model System for Identity and Access Management for Financial Services Companies

The National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators on an effort to demonstrate an identity and access management system for financial services organizations. Current identity and access systems employed by the financial sector sometimes operate in isolation from one another, or cannot be integrated because the parts are incompatible. Operation is thus complex and prone to errors and inconsistencies can be exploited by attackers or insider threats. In addition, this situation makes it even more difficult for businesses to securely embrace new technologies such as mobile and cloud computing. Participants in this project would provide products and technical expertise to link together the management of existing disparate identity and access mechanisms and systems into a comprehensive identity and access management (IDAM) system.

This project is one of two current center efforts focused on the financial services sector. Details of the challenge are laid out in an NCCoE “use case” that defines specific function requirements of the desired system. The center invited public comment on a draft version of the use case in 2014 and used that input to develop the final version.

Participating technology providers will provide commercially available products to serve as modules in an end-to-end sample solution. NIST will not endorse particular products, but will use them as references that provide certain capabilities and conform to existing standards. To adopt this IDAM system, members of the financial services sector can use similar products with the same capabilities. 

The project also will result in a freely available NIST Cybersecurity Practice Guide that includes a materials list and instructions for implementing the reference design. The NCCoE will seek the public's feedback on reference designs, and improve them accordingly.

Companies interested in participating in the reference design project must submit a letter of interest in which they outline their proposed contribution. Full details of this process are published in a Federal Register notice (docket number 150318278-5278-01) at https://federalregister.gov/a/2015-07590. Those selected to participate will enter into a Cooperative Research and Development Agreement with NIST.