Captions will be available by Monday, January 8, 2018.
Both topics, Framework Overview and Framework Update, will be presented during the live webcast. Each topic concludes its presentation with a Q&A session which has been built into the schedule below. Please email questions to cyberframework [at] nist.gov (subject: Cybersecurity%20Framework%20Webcast) and join our live Twitter Chat using #CyberFramework.
- Framework Overview: 2:00pm - 2:55pm ET
- Break: 2:55pm – 3:00pm ET
- Framework Update: 3:00pm – 4:00pm ET
Cybersecurity Framework 101
The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) was issued on February 12, 2014. This voluntary framework – based on existing standards, guidelines, and practices – provides a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk at all levels in an organization and is applicable to organizations of all sizes and sectors. The Framework was developed in a year-long, collaborative process in which NIST served as a convener for industry, academia, and government stakeholders. This collaboration continues under the direction of the Cybersecurity Enhancement Act of 2014, as NIST works with stakeholders from across the country and around the world.
The Framework provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. It can be used to help identify and prioritize actions for reducing cybersecurity risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk.
This webcast will provide the audience with a brief history of how the framework was developed, supply an understanding of each of the three primary Framework components (The Core, Implementation Tiers, and Framework Profiles), demonstrate how the Framework can be used by organizations, and introduce the Framework Roadmap and Industry Resources. The audience will have an opportunity to ask questions during a Q&A session at the end of the presentation.
Framework 101 Presentations
Framework Overview Presentation Updated 12/21 (PDF)
Framework for Improving Critical Infrastructure Cybersecurity version 1.0
Roadmap for Improving Critical Infrastructure Cybersecurity version 1.0
Cybersecurity Framework Update
On December 5, 2017 NIST released the Cybersecurity Framework v1.1 Draft 2. This draft Version 1.1 of the Cybersecurity Framework seeks to clarify, refine, and enhance the original version of the Framework. Updates were derived from feedback has NIST received since publication of Cybersecurity Framework Version 1.0 including emails to cyberframework [at] nist.gov (subject: Cybersecurity%20Webcast) , comments received on the initial draft of v1.1, many outreach engagements, and the 2016 and 2017 NIST-hosted Framework workshops.
More specifically, the draft revision (version 1.1) seeks to:
- Enhance guidance for applying the Framework for supply chain risk management
- Provide guidance on self-assessment of cybersecurity risk using the Framework
- Clarify use of Implementation Tiers and their relationship to Profiles
- Add the concept of identity proofing and authorization
- Add the concepts of Coordinated Vulnerability Disclosure
This webcast will provide the audience with an opportunity to further explore the proposed Framework updates. NIST will provide an understanding of what is proposed in the version 1.1 Draft 2, describe the process for finalizing the proposed updates, while leaving plenty of time for questions and answers.
Framework Update Presentation Updated 12/1 (PDF)
Draft Framework for Improving Critical Infrastructure Cybersecurity version 1.1
Draft Roadmap for Improving Critical Infrastructure Cybersecurity version 1.1