Leveraging Cyber Security Framework to Identify the SP 800 53 Security and Privacy Controls for Cloud‐based Information Systems

Award Information
Agency: Department of Commerce
Branch: National Institute of Standards and Technology
Contract: 70NANB18H173
Agency Tracking Number: 071-03-01 (FY18)
Amount: $99,999.65
Phase: Phase I
Program: SBIR
Awards Year: 2018
Solicitation Year: 2018
Solicitation Topic Code: N/A
Solicitation Number: 2018-NIST-SBIR-01
Small Business Information
320 Whittington Pkwy, Louisville, KY, 40222
DUNS: 877380530
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: Y
Principal Investigator
 Bin Xie
 (502) 371-0907
 Bin.Xie@InfoBeyondtech.com
Business Contact
 Bin Xie
Phone: (502) 371-0907
Email: Bin.Xie@InfoBeyondtech.com
Research Institution
N/A
Abstract
NIST developed information system risk management and guidelines that assist agencies in implementing integrated, organization‐wide programs to manage information security risk, and further developed the Cloud Security Assessment Tool (CSAT) to facilitate this. However, NIST’s CSAT needs further improvement and implementation of new functions so that it can be commercialized as an enterprise tool. In this project, InfoBeyond advocates the development of a user‐friendly, efficient, reliable, and generic CSAT tool. Our CSAT will be delivered as a tool: (i) an Enterprise CSAT standalone version (Phase I), and (ii) a CSRC Cloud version (Phase II). Specifically, our CSAT overcomes the limitations of NIST’s CSAT, such as failing FIPS policy due to outdated MS internal configuration, insecure software architecture, requiring MS Excel for report generation and database repopulation, and running on a single operating platform. Further, our CSRC implements new features, such as additional SP 800 series data for risk management, a technical user credential management service, and a built‐in database editor. All these improvements and new features facilitate government agencies’ effective adoption of secure cloud solutions through a friendly GUI. For CSAT efficiency, our CSAT is implemented in an MVC software framework to achieve enterprise‐level runtime performance with scalability for many users.

* Information listed above is at the time of submission. *
