7 February 2020

How NIST is exploring new data security best practices

Andrew Eversden

The cybersecurity leaders at the National Institute of Standards and Technology want industry help on two new projects related to data confidentiality.

In a Feb. 4 notice in the Federal Register, NIST’s National Cybersecurity Center of Excellence, a hub for private-public collaboration on cybersecurity projects, released its first call for industry to “provide products and technical expertise to support and demonstrate security platforms” for NIST’s work in identifying cybersecurity challenges as part of its Data Confidentiality Building Block.

NIST has launched two new projects under its new building block in an effort to “establish tools and procedures to defend, detect, and respond to data confidentiality events,” NIST officials wrote in the notice.

The first project, “Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches,” seeks to provide practical solutions to identifying and protecting the confidentiality of data.

The second project, “Data Confidentiality: Detect, Respond to, and Recover from Data Breaches,” will provide guidance on handling and recovering from confidentiality breaches.


“The NCCoE chose to address data confidentiality in two parallel projects to provide modular, adaptable guidance rather than an all-or-nothing approach,” according to project fact sheets.

At the end of the project, NIST will publish a cybersecurity practice guide that will outline how to implement steps to protect and detect the data confidentiality breaches.

The data confidentiality projects are a new endeavor for NIST, which creates cybersecurity recommendations for enterprises. Previous projects related to protecting, detecting and responding to attacks on data integrity.

According to the project fact sheet, NIST launched the confidentiality project after stakeholders raised questions about data breaches and preventative technologies they could use to defend against those attacks. Answers to those questions were out of scope of the data integrity project.

Interested parties must contact NIST to receive a letter of interest template. Potential participants must submit a letter for each project and will be considered on a first-come, first-serve basis. The project will begin once enough letter are received, but won’t start sooner than March 5.

No comments: