NIST Seeks Public Comments on Improving Cybersecurity and Consumer Protection

By Renee Dopplick, ACM Director of Public Policy
July 6, 2015

NIST’s National Cybersecurity Center of Excellence (NCCoE) is accepting public comments on a workshop report on improving cybersecurity and consumer protection. The workshop coincided with the White House Summit on Cybersecurity and Consumer Protection. NIST has extended the deadline for public comments until July 17.

Stakeholders are strongly encouraged to provide feedback on the priority and scope of the potential projects identified by the workshop participants.

1. Data Integrity Project
This project could explore database integrity, file integrity, system integrity, and the integrity of backups. The scope of the project could include exploring the technologies of auto-journaling file systems, cryptographic file checksums, detailed auditing, virtual machine snapshots, and versioning software. The project might explore how organizations address restoring data, applications, and services after a breach, including how to determine what was altered during a breach.

2. Developer Tools Project
This project could examine how software developer tools and environments are increasing software assurance. The project could look at what tools, development environments, and techniques are securing code and what inherent security benefits and risks exist in current and emergent programming languages.

3. Automated Information Sharing and Incident Response Project
This project could evaluate how trusted and unknown partners might securely and effectively share sensitive data. The scope could include privacy protections, such as automated anonymization. Can protection tools and measures be readily updated through the exchange of standards-based threat indicators?

4. Point of Sale/Payment Cards Project
This project could address current and enhanced security mechanisms for point-of-sale and other payment systems, including touchless payments. The scope could include the types of attack vectors that could be used to circumvent security features, the challenges of wireless environments, and the emergent technologies that could better protect consumer transactions.

5. External Entity Access Project
This project could analyze how external entities access internal IT infrastructures and data. The scope could include data transmissions, encryption, monitoring, and the types of technologies that could be implemented to foster secure connections and business environments.

Read the full report from the Executive Technical Workshop on Cybersecurity and Consumer Privacy.