NIST eyes IT asset management for financial services industry

A team of federal, state and local cybersecurity experts is looking for partners to develop an IT asset management system that can help the financial services industry protect its critical IT gear from electronic attack.

According to a May 6 notice in FedBizOpps, the National Institute of Standards and Technology and the National Cybersecurity Center of Excellence (NCCoE) are seeking collaborators to provide products and technical expertise in creating a model, standards-based system that financial services companies could use to integrate existing asset management technology, hardware and software support, and IT security into a single system.

NCCoE is a partnership among NIST, Maryland and Maryland's Montgomery County that facilitates the rapid adoption of standards-based cybersecurity solutions for business and public organizations using commercially available technologies.

IT assets in the financial services industry range from company smartphones and laptops to major database and network servers. Managing those assets is a complex task that goes far beyond keeping track of where they are, the FedBizOpps notice states. Software -- both operating systems and programs -- must be kept up-to-date, and organizations must be able to rapidly and seamlessly respond to new threats from malware or cyberattacks. An IT asset management (ITAM) system is the answer to those challenges, NIST officials said in a statement.

NCCoE is looking for technology vendors interested in working on a "reference design" to demonstrate how companies can tie their existing data systems for physical assets and IT into a comprehensive ITAM.

Details of the challenge are outlined in a recently released ITAM "use case" -- a tool software engineers use to define a system's functional requirements.