Hi All,
The National Institute of Standards and Technology's (NIST's) National Cybersecurity Center of Excellence (NCCoE) has issued a Federal Register Notice inviting industry participants and other interested collaborators to participate in the Data Classification Practices: Facilitating Data-Centric Security Management project.
Data-centric security management challenges organizations to know what data they have, what the data characteristics are, and which security and privacy requirements impact this data.
The Data Classification project will develop technology-agnostic recommended practices for defining data classifications and data handling rulesets and for communicating them to others. This project will inform and may identify opportunities to improve, existing cybersecurity and privacy risk management processes by helping with communicating data classifications and data handling rulesets. It will not replace current risk management practices, laws, regulations, or mandates.
Join Us
There are two ways to engage with the project team on this project:
• Become an NCCoE Collaborator-Collaborators are members of the project team and work alongside NCCoE staff to build the demonstration by contributing products, services, and technical expertise. Collaborators are expected to participate in regularly scheduled conference calls and to help build and document the demonstration.
o Get Started Today-If you are interested in becoming an NCCoE collaborator for the Data Classification Practices: Facilitating Data-Centric Security Management project, first review the requirements identified in the Federal Register Notice. If you wish to become a collaborator, you can find the final project description and the Request for Letter of Interest Template on the project page (https://www.nccoe.nist.gov/projects/building-blocks/data-classification). Once you complete the Request for Letter of Interest Template, you will receive instructions and the template where you can identify the capabilities you can bring to the project. Completed submissions are considered on a first-come, first-served basis within each category of components or characteristics listed in the Federal Register Notice, up to the number of participants in each category necessary to carry out the project build.
o Collaborator Selection-The Data Classification project team will review all submissions and may follow up with respondents with questions or to discuss your capabilities. If selected, the project team will notify you via email. Next, you will receive a Cooperative Research and Development Agreement (CRADA) for review and signature. Once the CRADA has been signed, participants can begin working with the NCCoE to develop an example solution for eventual publication in an NCCoE practice guide. This process can take anywhere from several weeks to a few months.
o If you submit a Letter of Interest and are not selected, the project team will notify you via email.
• Join our Community of Interest (COI)-COI members receive periodic updates and the opportunity to share your expertise and help shape this project. Request to join the COI by emailing
[email protected].
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------