Bill Newhouse, "Challenges at the NIST National Cybersecurity Center of Excellence"

What kind of projects does one get to lead at an applied
cybersecurity center within the National Institute of Standards and
Technology (NIST)?



This talk will offer insight on the cybersecurity challenges being
addressed by projects

led by the speaker since he began working at the National
Cybersecurity Center of Excellence in 2016. The talk will touch
upon the establishment of collaborative team made up of industry,
academic, and government members for each project, and discuss how
each project leverages a cybersecurity standard or best practice in
the functional reference designs built for each project. Throughout
each phase of each project, we seek to collaborate, share (document
in NIST Special Publication 1800 series practice guides), and
advocate for the adoption of our work.



This talk will offer some insight into the evolving series of NIST
Special Publications known as practice guides (or 1800 series
documents) and how these publications connect with the foundational
NIST Special Publications in the 800series that are often used to
set Federal government standards in computer security, information
security, and cybersecurity while often being voluntarily adopted
as guidance and standards by industry. This talk aims to leave
enough time to address questions and explore whether the audience
has new challenges that should become an NCCoE project in the
future. At some point during the lecture, the following terms or
phrases will be used: cybersecurity framework (functions,
categories, subcategories), privacy framework, risk management
framework, security and privacy controls, mitigating cybersecurity
and privacy risk.