The center, based in Gaithersburg, Maryland, will provide a computing facility where researchers from NIST can work collaboratively with both the users and vendors of cybersecurity products and services. The center will host multi-institutional, collaborative efforts that build on expertise from industry and government.
The center plans to undertake use cases – comprehensive requirements and test plans to address specific cybersecurity challenges – that could lead to practical, interoperable cybersecurity approaches for complex IT systems, NIST said in a news release.
Examples of potential use cases would be interoperable cybersecurity templates to address challenges in health IT, cloud and mobile computing, cryptography, or continuous monitoring of IT systems.
The development and refinement of use cases would be open to all interested parties, including IT vendors and the public. Results from center projects will be shared with the broader IT user and vendor communities.
In addition, NIST released a draft updated guide for how organizations should manage responses to computer security incidents, such as hacking or denial of service attacks.
The revised guide is designed to help both established and newly formed incident response teams create an incident response policy and plan. The plan should have a mission, strategies, and goals, an organizational approach to incident response, metrics for measuring the response capability, and a built-in process for updating the plan.
NIST is seeking public comments on the draft. Comments should be sent via email with "Comments SP 800-61" in the subject line by March 16.