Date Published: June 2019
Comments Due:
Email Questions to:
Planning Note (06/24/2019):
See the related Draft Project Description, Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches, which is also open for comment through July 29, 2019.
Author(s)
Jennifer Cawthra (NIST), Michael Ekstrom (MITRE), Lauren Lusty (MITRE), Julian Sexton (MITRE), John Sweetnam (MITRE), Anne Townsend (MITRE)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) announces the release of the second of two new Data Confidentiality (DC) draft project descriptions.
This component of the DC suite of publications is entitled Detect, Respond to, and Recover from Data Breaches and seeks to provide the technical capabilities needed by an organization to maintain full awareness of its data as well as mitigate the effects of a data breach. The implementation will include data and network monitoring, event detection, and other potential technologies. The solution will use security controls that adhere to the NIST Cybersecurity Framework and industry standards and best practices.
This project will result in a freely available NIST Cybersecurity Practice Guide in the Special Publication 1800 series. To that end, we are requesting your feedback to help refine the challenge and scope of the project.
An organization must protect its information from unauthorized access and disclosure. Data breaches large and small can have far-reaching operational, financial, and reputational impacts. The goal of this project is to provide a practical solution to detect, respond to, and recover from incidents that affect data confidentiality. The architecture described seeks to provide the technical capabilities needed by an organization to maintain full awareness of its data as well as mitigate the effects of a data breach. The implementation will include data and network monitoring, event detection, and other potential technologies. The project team will create a reference design and a detailed description of the practical steps needed to implement a secure solution based on standards and best practices. This project will result in a freely available NIST Cybersecurity Practice Guide.
An organization must protect its information from unauthorized access and disclosure. Data breaches large and small can have far-reaching operational, financial, and reputational impacts. The goal of this project is to provide a practical solution to detect, respond to, and recover from incidents...
See full abstract
An organization must protect its information from unauthorized access and disclosure. Data breaches large and small can have far-reaching operational, financial, and reputational impacts. The goal of this project is to provide a practical solution to detect, respond to, and recover from incidents that affect data confidentiality. The architecture described seeks to provide the technical capabilities needed by an organization to maintain full awareness of its data as well as mitigate the effects of a data breach. The implementation will include data and network monitoring, event detection, and other potential technologies. The project team will create a reference design and a detailed description of the practical steps needed to implement a secure solution based on standards and best practices. This project will result in a freely available NIST Cybersecurity Practice Guide.
Hide full abstract
Keywords
data breach; data confidentiality; data loss; data protection; malware; ransomware; spear phishing
Control Families
None selected
