NCCoE Workshop on Software Asset Management

Wednesday, December 4, 2013

December 5, 2013
9 am - 3 pm

9600 Gudelsky Drive
Rockville, MD 20850
240-314-6800

This workshop will review and conduct a deep dive into the Continuous Monitoring Software Asset Management (SAM) Building Block. The building block proposes techniques for meeting SAM challenges. SAM, as envisioned in this building block, requires a standardized approach that provides an integrated view of software throughout its lifecycle. Such an approach must support the following capabilities:

  1. Authorization and verification of software installation media  
  2. Software execution authorization 
  3. Publication of installed software inventory 
  4. Software inventory-based network access control 

The NCCoE and NIST Computer Security Division, in collaboration with Department of Homeland Security, General Services Administration, and National Security Agency, have developed a proposed building block. The authors encourage you to review the document prior to the workshop to facilitate building block discussion and the exchange of ideas.

Audience

This workshop is oriented to security researchers, security practitioners, system integrators, and other parties interested in developing solutions that address the following challenges: 

  • Verifying the identity of the software publisher providing installation media
  • Verifying that installation media is authentic and hasn’t been tampered with
  • Determining what software is installed and in use on a given endpoint device including legacy and end-of-life products
  • By process of elimination, determining software that is installed on an endpoint device that was not deployed using authorized mechanisms
  • Restricting execution of software that was not installed using authorized mechanisms. 
  • Identifying the presence of software flaws in installed software
  • Determining if patches are installed on an endpoint device or if additional patches need to be deployed to remedy software flaws

Agenda

9:00-9:45 am
Overview of the National Cybersecurity Center of Excellence

9:45-10:15 am
Building Block overview and business drivers

10:15–noon
Building Block deep dive

Noon–1:30 pm
Lunch on your own

1:30–3:00 pm
Q/A and next steps 

To confirm your attendance at this workshop send an email with your name, title, and organization to nccoe_events@nist.gov

Please download and review the building block document prior to the workshop.

Whether or not you attend the workshop, we welcome your comments. Send your feedback regarding this building block to  conmon-nccoe@nist.gov