Access Rights Management for the Financial Services Sector

NIST Cybersecurity Practice Guide, Draft Special Publication 1800-9: “Access Rights Management for the Financial Services Sector”

What’s the guide about?

Today’s threat landscape has created ever-increasing challenges for financial services companies as they work to protect important financial assets and customer data. Financial services companies are under a high and sustained level of attack, in some instances experiencing a direct loss.

Complicating efforts to protect important data is the highly complex infrastructure that established financial services companies must manage. Disparate legacy systems that run on different operating platforms are difficult to manage, and it is difficult to ensure appropriate levels of access management across them.

The NCCoE has developed an example implementation that demonstrates ways in which a financial services company can improve its information system security by limiting employee access to only the information they need to do their job, at the time they need it, and nothing more. Essentially, this enables a company to give the right person the right access to the right resources at the right time.

The NCCoE developed the cybersecurity guidance in draft NIST Special Publication 1800-9 using standards-based, commercially available technologies and industry best practices to help financial services companies provide a more secure and efficient way to manage access to data and systems.

The full draft practice guide is also available as a PDF download or for web viewing.

We look forward to receiving your comments on the draft guide—the approach, the architecture, and possible alternatives.

The comment period is open through October 31, 2017. Comments will be made public after review and can be submitted anonymously. Submit comments online or via email to financial_nccoe@nist.gov.

Read the news announcement for additional information.