National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) was founded in 1901 and is one of the nation’s oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time. From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on technology, measurement, and standards provided by NIST.
NIST Computer Security Resource Center provides access to NIST’s cybersecurity- and information security-related projects, publications, news and events.
NIST 800-171 On 21 Oct. 2016, the U.S. Department of Defense published the Final Rule for DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, which was effective immediately. Contractors were required to fully meet the security requirements outlined in the DFARS clause, to include the NIST SP 800-171, for “covered contractor information systems” no later than 31 Dec. 2017. It represents the government’s efforts to prevent improper access of important unclassified information in the supply base.
This Handbook is intended to be a guide to assist U.S. manufacturers who supply products within supply chains for the DOD and who must ensure adequate security by implementing NIST SP 800-171. Available at https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
Cybersecurity Maturity Model Certification (CMMC)
The U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base
(DIB) sector to enhance the protection of controlled unclassified
information (CUI) within the supply chain. The CMMC effort builds upon existing regulation (see above DFARS 252.204-7012 /
NIST SP 800-171) that is based on trust by adding a verification
component with respect to cybersecurity requirements.
On 31 Jan 2020, DoD released the final version of the CMMC. The CMMC documentation is available at: https://www.acq.osd.mil/cmmc/index.html CMMC requirements are expected to be included in RFPs starting in September 2020.
FBI Internet Crime Complaint Center (IC3)
The mission of the Internet Crime Complaint Center (IC3) is to be a reliable and convenient reporting mechanism for the public to submit complaints about Internet crime and scams to the FBI. The IC3 uses the information from public complaints to refer cases to the appropriate law enforcement agencies and identify trends. The IC3 has received over 4 million complaints since it was created in 2000. Anyone who is a victim of an Internet enabled crime should file a complaint with IC3 to help stop hackers and other cyber criminals. Over the last five years, the IC3 has received an average of almost 300,000 complaints per year. The complaints address a wide array of Internet scams affecting victims across the globe.
Rhode Island State/Federal Cyber Disruption Response (PDF) The suggested call order to report cyber intrusions for investigation.
Rhode Island Department of Attorney General is the top legal official in Rhode Island. As the State’s top prosecutor, the Attorney General fights to enhance the economic security of Rhode Island, protect the public safety of our communities and restore the public trust in state government by fighting corruption. As the central legal agency of the State, the Office of Attorney General is responsible for prosecution of all felony criminal cases and misdemeanor appeals, as well as prosecution of misdemeanor cases brought by state law enforcement agencies.
The Rhode Island Joint Cyber Task Force (JCTF) was established to prevent and respond to cyber security events and defend the security of critical infrastructure. The RIJCTF is comprised of members from the Rhode Island State Police Computer Crimes Unit and individuals representing higher education, hospitals, finance, utilities and defense. This cyber initiative is in line with the President’s mandate on cyber security. The RIJCTF provides analysis and support prior to and during catastrophic events affecting critical cyber infrastructure in Rhode Island, and ensures continuity and restoration of cyber operations.
The Rhode Island State Police (RISP) Computer Crimes Unit (CCU) is a multi-agency unit that prevents, interdicts, investigates and prosecutes individuals who use the Internet to commit crimes.
The Rhode Island Emergency Management Agency’s mission is to reduce the loss of life and property for the whole community while collaborating in the state to build, sustain, and improve RI’s capability to prepare for, protect against, respond to, recover from, and mitigate all natural, human-caused, and technological hazards. The purpose of the Cybersecurity Protection Plan and RIEMA’s Cybersecurity Program is to lead Rhode Island’s effort to protect critical cyber infrastructure from all hazards by identifying and managing physical/cyber risks and enhancing resilience through collaboration with the public and private sector critical infrastructure communities.
The Rhode Island Cybersecurity Commission was established on May 7, 2015 through Executive Order 15‐10 and was charged with submitting an initial action plan by October 1, 2015 on steps that the State of Rhode Island should take to foster the resiliency of state government operations. The Commission consisted of 28 members who come from state government, federal government, the private sector, and academia. The Commission produced two reports presented to the Governor:
- A Framework for the Development of Cyber Protection and Resiliency in State Government Operations (PDF) The preliminary report to Governor Raimondo per Executive Order 15‐10: An initial action plan on steps the state can take to foster the resiliency of state government operations presented October 1, 2015.
- Growing Rhode Island’s Cybersecurity Industry and Workforce: An Action Plan (PDF) Submitted to Governor Raimondo by RI Commerce Corporation and RI Cybersecurity Commission December 1, 2015.