Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NCCoE Releases Two Data Confidentiality Draft Project Descriptions
June 24, 2019

Summary

The National Cybersecurity Center of Excellence (NCCoE) is announcing the release of two new data confidentiality draft project descriptions. We are requesting your feedback on these drafts to help refine the challenge and scope of each project. The comment period is now open and will close on July 29, 2019.

Without doubt, an organization’s data is one of its most valuable assets and must be protected from unauthorized access and disclosure. Even small breaches can undermine the organization’s work and success and lead to severe reputational damage.

The NCCoE is proposing two projects to provide guidance and reference architectures that will assist organizations in identifying and protecting information from threats to data confidentiality and in detecting, recovering from, and responding to data breaches. We have chosen to address data confidentiality in two parallel projects to provide modular, adaptable guidance rather than an all-or-nothing approach. In addition, the two projects will allow for multiple scenarios for preventing and reacting to a data breach or other loss of data confidentiality event.

Details

Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches

This project will provide guidance on measures such as data protection, access controls, network protections, and other potential defenses to help organizations secure information from unauthorized access and disclosure. The solution will use security controls that adhere to the National Institute of Standards and Technology (NIST) Cybersecurity Framework and industry standards and best practices. The project will result in a NIST Cybersecurity Practice Guide.

The public comment period for this document ends July 29, 2019. See the document details for a copy of the document, instructions for submitting comments, and information about the project.

Data Confidentiality: Detect, Respond to, and Recover from Data Breaches

This project will provide guidance to help organizations detect, respond to, and recover from incidents that affect data confidentiality. The solution will use security controls that adhere to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a freely available NIST Cybersecurity Practice Guide.

The public comment period for this document ends July 29, 2019. See the document details for a copy of the document, instructions for submitting comments, and information about the project.

/////

We value and welcome your input and look forward to your comments. 

The authors will review and adjudicate all comments received before publishing the final version. After these project descriptions are finalized, NCCoE cybersecurity experts will collaborate with vendors of cybersecurity technologies to develop a reference design addressing these challenges.
Created June 24, 2019