The National Institute of Standards and Technology is starting two projects focused on data security and confidentiality best practices, according to a notice published in the Federal Register of the US Government last week.
Under its Data Confidentiality Building Block, the institute’s National Cybersecurity Center of Excellence (NCCoE) is asking the industry to get involved in cybersecurity efforts to “provide products and technical expertise to support and demonstrate security platforms.”
NIST, a non-regulatory agency of the United States Department of Commerce, has introduced two concomitant projects: ‘Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches,’ which investigates methods to detect and safeguard data confidentiality, and ‘Data Confidentiality: Detect, Respond to, and Recover from Data Breaches’ to advise companies about best practices to contain and mitigate confidentiality breaches.
When the projects are complete, a guide will be released for companies to understand how to approach data confidentiality breaches and how to build their security strategy to prevent this type of breach. The project is expected to start no earlier than March 5, as the organization is waiting for interested technology companies to reach out and join the building block by filling out a letter of interest.
If interested in both projects, then two separate letters are to be submitted, and all tools and components mentioned need to be “commercially available.” The tools and components cover:
• network protection, mapping, segmentation and protection.
• browser isolation.
• data management, discovery, inventory and protection.
• file- and system-level encryption.
• anomalous activity.
NIST is also looking for tools and methods to protect against confidentiality attacks on hosts, the network and enterprise components, among others.
In the past, NIST focused on data integrity-related attacks. NCCoE is a public-private partnership between industry experts, government and academia that is working on integrated cybersecurity tools and technologies for IT systems. The goal is to build trust in U.S.-based IT communications, data and storage systems, lower risk and promote the growth of cybersecurity services that will not only solve security issues and also create jobs.
Trust at the edge
Outside of the efforts at NIST, a number of organizations have recently joined forces to develop solutions to build trusted systems for edge computing. For example, last year the Linux Foundation partnered with industry players to start an open-source project called Project Alvarium. Project Alvarium introduced the concept of a Data Confidence Fabric (DCF) which refers to building a trust fabric in data transfers by leveraging integrated algorithms and open APIs.
With system memory attacks on the rise, the Confidential Computing Consortium is the latest cross-industry community, focusing on developing security for sensitive data at the edge and in public clouds. While at-rest and in-transit encryption have been a top focus in cloud computing, CCC insists confidential computing can deliver in-use encryption of sensitive data, without compromising it.
data governance | encryption | Linux Foundation | NIST | privacy | security | standards