Today's threat landscape has created ever-increasing challenges for financial services companies as they work to protect important financial assets and customer data. Financial services companies are under a high and sustained level of attack, in some instances experiencing a direct loss.
Complicating efforts to protect important data is the highly complex infrastructure that established financial services companies must manage. Disparate, legacy systems that run on different operating platforms are difficult to manage and ensure appropriate levels of access management.
The NCCoE has developed an example implementation that demonstrates ways in which a financial services company can improve their information system security by limiting employee access to only the information they need to do their job, at the time they need it, and nothing more. Essentially, enabling a company to give the right person the right access to the right resources at the right time.
The NCCoE developed cybersecurity guidance in draft NIST Special Publication 1800-9 using standards-based commercially available technologies and industry best practices to help financial services companies provide a more secure and efficient way to manage access to data and systems.
The full draft practice guide is also available for download in PDF or web viewing.