Pulse

By GCN Staff

Blog archive

NIST presents building blocks for mobile security

NIST's National Cybersecurity Center of Excellence has proposed two new cybersecurity building blocks, one to help organizations develop capabilities for attribute-based access control, and the other to help address enterprise security issues that result from the use of mobile devices to access company resources.

Building blocks are cybersecurity implementations that apply to multiple industry sectors and are expected to be incorporated into many of the center's sector-specific use cases, the agency said in its announcement.

The draft Attribute Based Access Control building block proposes an identity management system that allows multiple enterprises to exchange and validate employee attributes such as title, division, certifications and training. This would allow an organization like a disaster recovery team to grant a visiting doctor access to a range of hospital resources using risk-based policy enforcement.

The technology demoed in this building block will use commercially available technologies and be modular, allowing organizations flexibility in their implementations based on their network infrastructures. Comments should be submitted to abac-nccoe@nist.gov by March 28, 2014.

The draft Mobile Device Security for Enterprises building block proposes a system of commercially available technologies that provide enterprise-class protection for mobile platforms that access corporate resources.

The building block will examine security technologies that can enable enterprise risk management for users to work inside and outside the corporate network using a securely configured mobile device. It will also incorporate a layered approach that allows enterprises to tailor solutions to their business needs. Comments should be submitted to mobile-nccoe@nist.gov by March 28, 2014.

Posted by GCN Staff on Feb 26, 2014 at 10:03 AM


Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.