NIST Cybersecurity Practice Guide
Nov 28, 2015
The U.S. NIST (National Institute of Standards and Technology) has released an IT security Practice Guide titled "IT Asset Management". Belarc has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on this cybersecurity project for financial institutions.
As the country's national lab for cybersecurity, the NCCoE brings together people from industry, technology companies, government agencies, and academia to collaborate on applied cybersecurity to address broad challenges of national importance.
NCCoE has just released a draft guide of this cybersecurity project, titled IT Asset Management. The guide shows how financial institutions can increase their cybersecurity resilience by enhancing the visibility to resources across the enterprise using standards, best practices, and commercially available products. The draft is available for download on the NCCoE website, and they are seeking feedback on it.
"We are pleased with the collaborative effort seen throughout this draft guide. The guide can help organizations better manage their cybersecurity risk by providing a centralized view of asset information, including location, ownership, hardware, software and patch levels," said Nate Lesser, deputy director of the NCCoE, which is part of the National Institute of Standards and Technology (NIST). "By using open source and commercially available technologies, the complex cybersecurity challenge of managing IT assets across an enterprise can be addressed today."
One of the challenges financial institutions face is the wide array of information technology devices, systems, and applications deployed across a wide geographic area. Not being able to track the location and configuration of networked devices and software can leave an organization vulnerable to security threats. Further complicating this scenario is many organizations include subsidiaries, branches, third-party partners, contractors as well as temporary workers and guests.
The NCCoE worked with technology vendors like Belarc to develop an example solution that provides an organization with the tools to centrally monitor and gain deeper insight into their entire IT asset portfolio with an automated platform. This example solution addresses questions such as "What operating systems are our laptops running?" and "Which devices are vulnerable to the latest threat?" enabling organizations to improve their cybersecurity resilience, gain efficiencies in asset management, and reduce costs associated with unused or underutilized physical and software assets.
This practice guide can help financial institutions reduce their risk by showing how commercially available technologies, such as Belarc's BelManage* system can be used to enhance the visibility of assets, identify vulnerable assets, and enable faster response to security threats.
Belarc, Inc. develops and licenses Internet based products which help make computers easier to maintain and secure by large enterprises, small businesses and individual consumers. Our products are used for software license management, cybersecurity status, IT asset management, configuration management, and more. Belarc's products are in use on well over fifty million computers and are licensed by numerous customers worldwide including: AIG, Catholic Relief Services, Federal Aviation Administration, Kindred Healthcare, NASA, Sungard, Travelers, U.S. Air Force, U.S. Army, U.S. Marine Corps, U.S. Navy, Unilever, WebMD/Emdeon, and many more.
* While the example solution uses certain products, including Belarc's BelManage and Data Analytics products, the NCCoE does not endorse these products in particular. The guide presents the characteristics and capabilities of those products, which an organization's security experts can use to identify similar standards-based products that will fit within with their organization's existing tools and infrastructure.
Belarc's products are used for software license management, cybersecurity status, IT asset management, and configuration monitoring. Belarc's products are used by more than 50 million computers and are licensed by numerous customers worldwide including: AIG Asia, Bureau of Land Management, Catholic Relief Services, Federal Aviation Administration, Oakland County (Michigan), NASA, Railinc, Travelers, U.S. Air Force, U.S. Army, U.S. Department of State and the U.S. Navy.