NIST CyberSecurity Framework Workshop Coming Up April 5-7, 2016, in Gaithersburg, MD

Workshop Purpose: to provide attendees a broad sampling of the Government’s CyberSecurity Framework use and work products. Also, NIST will be gathering input to help understand stakeholder awareness and current use of the Framework, the need for an update to the Framework,
CyberSecurity best practices sharing, and the future governance of the Framework.

To register, go to http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm

Draft Agenda

Tuesday, April 5, 2016 (optional)
11:15 AM Registrant Check-In
12:15 PM Optional Seminar: Framework Overview
Includes time for attendee questions
2:00 PM Break & Registrant Check-In
2:15 PM Optional Seminar: Framework Overview (repeat session)
Includes time for attendee questions
4:00 PM Adjourn
Wednesday, April 6, 2016
7:30 AM Registrant Check-In
8:30 AM Welcome Plenaries and Keynotes
9:15 AM NIST Panel RFI Readout
10:05 AM Break
10:30 AM Panels
Framework Use (Red Auditorium)
International Alignment (Red Auditorium)
Maritime Framework Profile (Green Auditorium)
12:30 PM Lunch (on your own)
1:30 PM Working Session I
Roadmap Items – Privacy and Civil Liberties, International Alignment
RFI Topics – Governance, Framework Update
Special Topics in Framework Use – U.S. Coast Guard Framework Profile
Draft Version – 14 March 2016 2
3:00 PM
3:15 PM
Break
Working Session II
Roadmap Items – Supply Chain Risk Management, Confidence Mechanisms
RFI Topics – Governance, Framework Update, Best Practice Sharing
4:30 PM Adjourn
Thursday, April 7, 2016
8:00 AM Registrant Check-In
9:00 AM Working Session III
Roadmap Items – Workforce and Education, Automated Indicator Sharing
RFI Topics – Governance, Framework Update, Best Practice Sharing
Special Topics in Framework Use – FFIEC Cybersecurity Assessment Tool
10:30 AM Break
11:00 AM Working Session IV
Roadmap Items – Authentication, Federal Agency Cybersecurity Alignment
RFI Topics – Framework Update
Special Topics in Framework Use – CSIP Recover Publication
12:30 PM Lunch (on your own)
1:30 PM Panels
Cybersecurity Insurance (Red Auditorium)
State, Local, and Tribal Framework Use (Red Auditorium)
3:30 PM Readout and Next Steps
4:30 PM Adjourn

Background

Executive Order 13636, Improving Critical Infrastructure Cybersecurity, directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. Version 1.0 of the Cybersecurity Framework, released on February 12, 2014, was developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement.

In the time since the Framework’s publication, NIST’s primary goals were to raise awareness of the Framework and encourage its use as a tool to help industry sectors and organizations manage cybersecurity risks.

In addition to highlighting a variety of Framework use, the purpose of this workshop is to gather input to help NIST understand stakeholder awareness and current use of the Framework, the need for an update to the Framework, cybersecurity best practices sharing, as well as the future governance of the Framework. Responses to the 11 December 2015 Request for Information (RFI) entitled “Views on the Framework for Improving Critical Infrastructure Cybersecurity” will inform the workshop agenda.