Define
We define a scope of work with industry to solve a pressing cybersecurity challenge.
![Business person expressing opinions to junior and senior colleagues in conference room](/sites/default/files/styles/965xy/public/2021-10/Work%20group_0.jpg?itok=LISYGWBr)
We invite members of the community to talk about their challenges, ask questions, and listen to understand the challenge at hand. During this phase, we publish a draft project description for public comment. We adjudicate the comments and publish a final version to our website that outlines the cybersecurity challenge along with a draft architecture.
Assemble
We assemble teams of industry organizations, government agencies, and academic institutions to address all aspects of a cybersecurity challenge.
![Business person expressing opinions to junior and senior colleagues in conference room](/sites/default/files/styles/965xy/public/2021-10/iStock-1254347556%20%281%29_1.jpg?itok=QMW6SO5c)
We release a Federal Register Notice to announce the opportunity to collaborate and explain what capabilities we are looking for. Potential collaborators respond with a completed Letter of Interest (LOI). Submitted LOIs are accepted on a first-come basis. When the collaborators join our build team, they sign a Cooperative Research and Development Agreement (CRADA) to provide their commercially-available product and their expertise. All our work is open, transparent, publicly accessible, and informed by both the general public and technology providers.
Build
![A photo of NCCoE Engineers working in the Healthcare lab.](/sites/default/files/styles/965xy/public/2022-10/Health%20Lab%202%20766x430.png?itok=peJ-W33y)
We build a practical, usable, repeatable implementation to address the cybersecurity challenge. During this phase, a reference architecture is finalized. The collaborators provide support to install and configure their technologies and then they provide support throughout the build to address issues, such as interoperability.