
Software Asset Management Building Block Workshop

Purpose:

Background:

The National Cybersecurity Center of Excellence (NCCoE) works with industry, academic and government experts to find practical solutions for businesses' most pressing cybersecurity needs. The NCCoE collaborates to build open, standards-based, modular, end-to-end solutions that are broadly applicable, customizable to the needs of individual businesses, and help businesses more easily comply with applicable standards and regulations.

A "Building Block" is a solution that is relevant to many industry sectors and may be incorporated into multiple use cases for which the NCCoE works to provide solutions.

Continuous Monitoring Building Block:

This workshop will review and conduct a deep dive into the Continuous Monitoring Software Asset Management (SAM) Building Block. The building block proposes techniques for meeting SAM challenges. SAM, as envisioned in this building block, requires a standardized approach that provides an integrated view of software throughout its lifecycle. Such an approach must support the following capabilities:

  • Authorization and verification of software installation media
  • Software execution authorization
  • Publication of installed software inventory
  • Software inventory-based network access control   

NIST's National Cybersecurity Center of Excellence and Computer Security Division, in collaboration with the Department of Homeland Security, General Services Administration, and National Security Agency, have developed a proposed building block. The authors encourage you to review the document prior to the workshop to facilitate building block discussion and the exchange of ideas. 

Audience:

This workshop is oriented to security researchers, security practitioners, system integrators, and other parties interested in developing solutions that address the following challenges:   

  • Verifying the identity of the software publisher providing installation media
  • Verifying that installation media is authentic and hasn't been tampered with
  • Determining what software is installed and in use on a given endpoint device including legacy and end-of-life products
  • By process of elimination, determining software that is installed on an endpoint device that was not deployed using authorized mechanisms
  • Restricting execution of software that was not installed using authorized mechanisms
  • Identifying the presence of software flaws in installed software
  • Determining if patches are installed on an endpoint device or if additional patches need to be deployed to remedy software flaws

Agenda:

9:00–9:45 am Overview of the National Cybersecurity Center of Excellence
9:45–10:15 am Building Block overview and business drivers
10:15–noon Building Block deep dive
Noon–1:30 pm Lunch on your own
1:30–3:00 pm Q/A and next steps
 

Related Project(s):

Download the draft Continuous Monitoring Building Block document "Software Asset Management."

Learn more about the National Cybersecurity Center of Excellence.

Learn more about the NIST Computer Security Division.

Details:

Start Date: Thursday, December 5, 2013
End Date: Thursday, December 5, 2013
Location: 9600 Gudelsky Drive, Rockville, MD 20850
Audience: Industry, Government, Academia
Format: Workshop

Registration:

To confirm your attendance at this workshop send an email with your name, title, and organization to nccoe_events@nist.gov.

NOTE: This event is not on the NIST main campus. It takes place at 
         9600 Gudelsky Drive
         Rockville, MD 20850

Technical Contact: