Agency overview | |
---|---|
Formed | February 21, 2012 |
Headquarters | Rockville, Maryland, United States |
Website | nccoe.nist.gov |
The National Cybersecurity Center of Excellence (NCCoE) is a U.S. government organization that builds and publicly shares solutions to cybersecurity problems faced by U.S. businesses. The center, located in Rockville, Maryland, was established in 2012 through a partnership with the National Institute of Standards and Technology (NIST), the state of Maryland, and Montgomery County. The center is partnered with nearly 20 market-leading IT companies, which contribute hardware, software and expertise.
The NCCoE asks industry sector members about their cybersecurity problems, then selects issues that affect an entire sector or reach across sectors. The center forms a team of people from cybersecurity technology companies, other federal agencies and academia to address each problem. The teams work in the center’s labs to build example solutions using commercially available, off-the-shelf products. For each example solution, the NCCoE publishes a practice guide, a collection of the materials and information needed to deploy the example solution, and makes it available to the general public. The center’s goal is to “accelerate the deployment and use of secure technologies” that can help businesses improve their defenses against cyber attack.
The NCCoE is part of NIST, a non-regulatory federal agency within the U.S. Department of Commerce that develops measurement standards and conducts research in measurement science. According to the NIST website, the Federal Information Security Management Act of 2002 (FISMA) “reaffirmed NIST’s role of developing information security standards (Federal Information Processing Standards) and guidelines for non-national security federal information systems and assigned NIST some specific responsibilities, including the development of: Standards to be used by Federal agencies to categorize information and information systems based on the objectives of providing appropriate levels of information security according to a range of risk levels; Guidelines recommending the types of information and information systems to be included in each category; and Minimum information security requirements (management, operational and technical security controls) for information and information systems in each category.” Many private sector organizations voluntarily adopt these standards, guidelines and security requirements. As a NIST center, the NCCoE is an applied space for the demonstration of standards-based approaches to cybersecurity.