PIV Derived Credentials for Strong Authentication in Mobile Applications

Wednesday, January 17, 2018

Join this informative webcast with Entrust Datacard, VMware, and  guest presenters from the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology on January 17 at 2pm. Learn how Federal Government Departments can use PIV Derived Credentials to ensure the security of information while accessing mobile based applications (email, VPN, web applications and more). Plus review your options for protecting digital identities through industry-leading, adaptable authentication solutions. 

Both Entrust Datacard and VMware are collaborators in the NCCoE project to build a reference architecture for the use of Derived PIV Credentials.

Bill Newhouse, NIST Security Engineer at the NCCoE
Chris Brown, Mitre Lead for DPC project at the NCCoE
Dan Miller, U.S. Federal Sales at Entrust Datacard
Eugene Liderman, Director of Product Management at VMware


NIST Cybersecurity Guides for the Financial Services Sector: Webinar

Monday, January 23, 2017

Splunk and other partners have been working with NIST’s National Cybersecurity Center of Excellence (NCCoE) to address key challenges in the financial sector.

One project focuses on access rights management, with an example solution that can help financial institutions to more effectively issue, validate, modify, and revoke access rights across their entire enterprise.  

Another project focuses on IT asset management, with an example solution that can enhance the visibility of IT assets and enable faster response to security alerts. 

These efforts have resulted in the publication of two NIST 1800 series publications, which are available for download at: https://nccoe.nist.gov/projects/use-cases/financial-services-sector.

Splunk and NCCoE experts will discuss the example solutions in a webinar on January 23, 2018 at 2pm eastern time. If you can’t attend the webinar in real time, you can still receive the recorded version.

Webinar: Mobile App SSO for First Responders

Thursday, December 7, 2017

On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can deliver the proper care and support during an emergency. This requirement necessitates heavy reliance on mobile platforms while in the field, which may be used to access sensitive information. However, complex authentication requirements can hinder the process of providing emergency services, and any delay—even seconds—can become a matter of life or death.

In collaboration with industry subject matter experts and stakeholders, including members of the FIDO Alliance, NIST’s National Cybersecurity Center of Excellence (NCCoE) is aiming to help PSFR personnel efficiently and securely gain access to mission data via mobile devices and applications using standards-based commercially available and open source products.

In this webinar, the NCCoE’s Bill Fisher will demonstrate their Mobile Application Single Sign-On project, a reference design that integrates FIDO multifactor authentication (MFA) with mobile single sign on (SSO) for native and web applications, designed to help reduce the number of credentials PSFR must juggle and decrease time spent on authentication. The architecture uses FIDO and other standards-based technology to improve interoperability between mobile platforms, applications, and identity providers irrespective of the application development platform used in their construction and to support a diverse set of credentials, enabling PSFR organizations to choose a MFA solution that is both secure and speedy. To learn more about this project before the webinar, visit https://nccoe.nist.gov/projects/use-cases/mobile-sso.

Online Trust Alliance Webinar

Tuesday, November 29, 2016

NIST cybersecurity engineers Scott Rose and Curt Barker will discuss the NCCoE DNS-Based Email Security project at an Online Trust Alliance (OTA) webinar on Tuesday, November 29. Microsoft Corp, a partner in the NCCoE project, invited the NCCoE to this presentation. This webinar is part of the OTA’s monthly cybersecurity presentation series.

Mobile Security Community of Interest Teleconference

Friday, December 9, 2016

The NCCoE will be hosting a conference call for individuals from industry, academy, and government interested in identifying mobile security challenges, providing practical mobile security expertise, and helping guide NCCoE mobile security projects. 

We intend for this Community of Interest to meet once a month for about an hour via teleconference. The first call will be on Friday, December 9 at 2pm ET. A portion of the call will be used to decide a more convenient time for regular Mobile Security Community of Interest meetings. We will also brief on past efforts and solicit input on new areas of interest.

Join online here, or join by phone at 1-855-797-9485 for toll-free, or 1-415-655-0002 for tolled. The meeting number is: 192 124 770. No password is required to access the meeting.

Please note: this is a public working group.

Using Identity to Safeguard the Nation's Critical Infrastructure from Complex Threats

Monday, June 6, 2016

NCCoE senior security engineer Jim McCarthy will be presenting a webinar on Identity and Access Management in conjunction with the energy sector build team collaborator AlertEnterprise on June 7 from 1pm to 2pm ET. In this session hear directly from industry as well as the nation’s leading research organization about techniques they have been developed to extend identity information beyond the traditional purview of IT by including physical access and OT (operational Technology) access to deliver a more holistic view of security. Learn correlating identity and roles-based attributes to determine access to IT systems, facilities and critical operating assets provides a 360-degree view of security to uncover gaps that cannot be identified by IT or Corporate Security alone.

How NIST is Approaching Attribute Based Access Control (ABAC) and Why It Works

Monday, April 4, 2016

NCCoE cybersecurity engineer, Bill Fisher, will discuss how ABAC enables organizations to take into account contextual factors when managing identity and access control, allowing for more granular analysis and therefore better access decisions. 

Hosted by NCCoE partner, NextLabs, the webinar will explore why ABAC is becoming a priority for many organizations and how it can be implemented to reduce the risk of cyber breaches and internal misuse of sensitive information. 

Date: Tuesday, April 5, 2016
Time: 12:00 p.m. ET - 1:00 p.m. ET

Register for this webinar.

Strengthening Cybersecurity in the Financial Sector with the New NIST Practice Guide

Wednesday, January 13, 2016

Splunk has been working with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on an IT asset management system for the financial sector that uses commercially-available products.

The reference architecture, in which Splunk serves as the Operational Intelligence platform, can help financial institutions reduce their risk by enhancing the visibility of assets, identifying vulnerable assets and enabling faster response to security threats.

In this webinar, NCCoE project lead Mike Stone and Splunk's Manish Jiandani will give an overview and demo of the project's reference architecture, as well as participate in a live Q&A session. Click here to find out more about the webinar.