Both topics, Framework Overview and Framework Update, will be presented during the live webcast. Each topic concludes its presentation with a Q&A session which has been built into the schedule below. Please email questions email@example.com and join NIST’s live Twitter Chat using #CyberFramework.
-- Framework Overview: 2:00pm - 2:55pm ET
-- Break: 2:55pm – 3:00pm ET
-- Framework Update: 3:00pm – 4:00pm ET
Cybersecurity Framework 101
The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) was issued on Feb. 12, 2014. This voluntary framework — based on existing standards, guidelines, and practices – provides a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk at all levels in an organization and is applicable to organizations of all sizes and sectors. The Framework was developed in a year-long, collaborative process in which NIST served as a convener for industry, academia, and government stakeholders. This collaboration continues under the direction of the Cybersecurity Enhancement Act of 2014, as NIST works with stakeholders from across the country and around the world.
The Framework provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. It can be used to help identify and prioritize actions for reducing cybersecurity risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk.
This webcast will provide the audience with a brief history of how the framework was developed, supply an understanding of each of the three primary Framework components (The Core, Implementation Tiers, and Framework Profiles), demonstrate how the Framework can be used by organizations, and introduce the Framework Roadmap and Industry Resources. The audience will have an opportunity to ask questions during a Q&A session at the end of the presentation.
Cybersecurity Framework Update
NIST released the Cybersecurity Framework v1.1 Draft 2 Dec. 5, 2017. This draft Version 1.1 of the Cybersecurity Framework seeks to clarify, refine, and enhance the original version of the Framework. Updates were derived from feedback has NIST received since publication of Cybersecurity Framework Version 1.0 including emails to firstname.lastname@example.org, comments received on the initial draft of v1.1, many outreach engagements, and the 2016 and 2017 NIST-hosted Framework workshops.
More specifically, the draft revision (version 1.1) seeks to:
- Enhance guidance for applying the Framework for supply chain risk management
- Provide guidance on self-assessment of cybersecurity risk using the Framework
- Clarify use of Implementation Tiers and their relationship to Profiles
- Add the concept of identity proofing and authorization
- Add the concepts of Coordinated Vulnerability Disclosure
This webcast will provide the audience with an opportunity to further explore the proposed Framework updates. NIST will provide an understanding of what is proposed in the version 1.1 Draft 2, describe the process for finalizing the proposed updates, while leaving plenty of time for questions and answers.
December 20, 2017
2:00pm - 4:00pm
Note: This is a virtual only event. The Framework 101 and Update sessions will be webcast live from this page on December 20th. Webcast registration is not required. However, if you would like to receive an email reminder please register for the webcast.
Join NIST’s Twitter Chat using #CyberFramework
Registration contact: Crissy Robinson, email@example.com, (301) 975-3999
Technical contact: Matthew Barrett, firstname.lastname@example.org, (301) 975-3267