Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Financial Services Sector Cybersecurity Workshop

Hosted by the Financial Services Sector Coordinating Council, and the National Institute of Standards and Technology

Workshop participants will hear presentations and panels, as well as participate in group discussions to advance cybersecurity best practice and regulatory interactions in the Financial Services sector.

This workshop will offer participants the opportunity to:

  • Learn about and discuss the latest iteration of the Financial Services Sector Specific Cybersecurity Profile (DRAFT version 4.0);
  • Understand and share views about risk tiering in the financial services sector;
  • Provide feedback on the DRAFT Risk Tiering Methodology that will overlay the Profile; and
  • Share and Discuss cybersecurity best practices.

The goal of this event is to:

  • Produce a risk tiering methodology that seamlessly overlays with the FSSSC Profile; and
  • Evolve the Profile so that it further enhances cybersecurity and cybersecurity related compliance activities.

This event will be valuable to:

  • Financial institutions across all subsectors;
  • Chief Information Security Officers, Chief Information Risk Officers, parties that report to those functions, and policy and legal personnel specializing in cybersecurity, cyber regulation, and privacy;
  • Federal, State, and local financial services regulatory agencies; and
  • Financial services self-regulatory organizations.

Printable Agenda (PDF)

NIST – Cybersecurity Profile Risk Tiering Workshop
Version 4.0 (Distribution Draft)

8:30am-9:00am (30 min)


9:00am-9:20am (20 min)

Introductions – Kevin Stine, Director of the NIST Applied Cybersecurity Division


NIST will introduce the topic, its work, and its work on further development of the NIST CSF.  NIST will also discuss its support of sector specific efforts to tailor NIST CSF as has been done with the Financial Services Sector Cybersecurity Profile and with other parties.

9:20am-9:40am (20 min)

The Financial Services Sector Profile: An Overview and Purpose Statement for the Workshop


Learn about the development of the Financial Services Sector Cybersecurity Profile, its Diagnostic Statements, and the Risk Tiering Methodology, which will be the focus of the workshop.  Also, learn about the next steps and issue areas that the sector will focus on following the workshop.

9:40am-10:10am (30 min)

The Need for Risk Tiering: A Primer on Purpose and Methodology


Financial Services firms vary in business offerings, interconnectedness, and complexity.  The Risk Tiering Methodology, which is the focus of the workshop, has been drafted as a means to address those issues. 

10:10am-10:20am (10 min)

Overview of Breakout Sessions

10:20am-10:30am (10 min)


10:30am-12:00pm (1.5 hrs)

Breakout Session 1

  1. Risk Tiering Criteria: General Discussion (Audience – National and Global Banks)
  2. Adoption of the Profile for Community and Regional Institutions

12:00pm-1:30pm (1.5 hrs)

Breakout Session 2

  1. Risk Tiering Criteria: General Discussion (Audience – Community and Regional Institutions)
  2. Internationalization and Harmonization

1:30pm-2:30pm (1.25 hr)

Lunch – Ronald Reagan Food Court – Buy Your Own

2:30pm-3:15pm (45 min)

Read Out and Next Steps


Reconvene as a larger group to hear what was discussed, the direction provided, and potential next steps for NIST and the financial services sector.



Created April 3, 2018, Updated April 23, 2018