You are here

Model-Based Application of NIST Cybersecurity Standards

Award Information
Agency: Department of Commerce
Branch: National Institute of Standards and Technology
Contract: 70NANB20H123
Agency Tracking Number: 028-FY20-77
Amount: $100,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: 9.0
Solicitation Number: 2020-NIST-SBIR-01
Timeline
Solicitation Year: 2020
Award Year: 2020
Award Start Date (Proposal Award Date): 2020-09-01
Award End Date (Contract End Date): 2021-02-28
Small Business Information
4519 Mustering Drum, Ellicott City, MD, 21042
DUNS: 868155110
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Richard LeBoeuf
 (254) 485-7809
 rleboeuf@wwtechnology.com
Business Contact
 Richard LeBoeuf
Phone: (254) 485-7809
Email: rleboeuf@wwtechnology.com
Research Institution
N/A
Abstract
The proposed innovation will use a model-based approach to streamline understanding and application of standards. NIST standards addressing cybersecurity, presented in the form of documents, spreadsheets, and database tools, provide thousands of complimentary and overlapping items for users to track. Significant effort is expended understanding the standards before attention can be focused on the system of interest. Model-based representations of both the standards and cyber-physical systems in a single tool will provide advantages over current costly and labor-intensive approaches. The tool will give stakeholders at all organizational levels access to the information specific to their domain, enable a better understanding of both the standards and the system, and be the basis for analyses and generation of certification artifacts. We will model NIST SP 800-53, NIST SP 800-53A, the NIST Cybersecurity Framework, NIST IR 8183, and the new Cybersecurity Maturity Model Certification (CMMC) standards and trace them to a cyber-physical system model. Analyses will be developed to automatically assess compliance gaps in the system relative to the standards. Stakeholder-specific reports with analysis results and recommendations will be generated automatically. The extensible tool will improve the efficiency of understanding and applying existing, evolving, and new NIST standards.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government