Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
The collaborative process to update the NIST Cybersecurity Framework (CSF), toward CSF 2.0, continues!
Register to join an in-person working session to discuss potential updates to the CSF. At these half-day events, attendees will participate in working sessions to discuss the potential significant changes as outlined in the CSF 2.0 Concept Paper. These sessions will build on the February 15, 2023, virtual CSF 2.0 Workshop #2, as well as feedback from the 2022 NIST Request for Information (RFI) and the first CSF 2.0 workshop. Comments shared virtually at the February 15th workshop, in-person at the working sessions, or through other means will all be considered as input toward CSF 2.0.
Who are the Working Sessions Intended for?
These will be hands-on working sessions. Attendees should be familiar, with hands-on implementation experience, with the NIST Cybersecurity Framework. These sessions will not cover training on the use of the NIST Cybersecurity Framework; NIST intends to host separate events in the future to continue to increase knowledge on the use of the Framework.
Attendance at the preceding virtual workshop on February 15 is required to participate in this in-person event. In addition, attendance is limited to two individuals per organization.
Event Details:
Space is very limited. Please select only one half-day working session.
February 22, 2023 (9:00 AM – 1:00 PM EST) or February 23, 2023 (1:00 PM – 5:00 PM EST) at the
National Cybersecurity Center of Excellence (9700 Great Seneca Highway, Rockville, MD 20850).
Coffee and pastries will be provided.
Parking is free but limited; please try to carpool.
Pre-Event Items:
- Participate in Workshop #2
- Read the CSF 2.0 Concept Paper (to be posted HERE, in advance of the event)
- Review the RFI analysis
- Watch the Workshop #1 recording
- Learn more about progress toward CSF 2.0
Stay In Touch:
- Email cyberframework [at] nist.gov (cyberframework[at]nist[dot]gov) with questions and join us on Twitter via @NISTcyber using #CyberFramework
- Subscribe to receive NIST email notifications
Journey to the NIST Cybersecurity Framework (CSF) 2.0 |1st Working Session
February 22, 2023
9:00 AM – 1:00 PM EST (UTC-5)
8:30 AM – Check In
9:00 AM – Opening Remarks
9:30 AM – 10:50 AM Working Session #1 (Concurrent Sessions)
10:50 AM – 11:15 AM Break/Networking/Coffee
11:15 AM – 12:35 PM Working Session #2 (Concurrent Sessions)
12:35 PM – 1:00 PM Wrap-up/End
Journey to the NIST Cybersecurity Framework (CSF) 2.0 | 2nd Working Session
February 23, 2023
1:00 PM – 5:00 PM EST (UTC-5)
12:30 PM – Check In
1:00 PM – Opening Remarks
1:30 PM – 2:50 PM Working Session #1 (Concurrent Sessions)
2:50 PM – 3:15 PM Break/Networking/Coffee
3:15 PM – 4:35 PM Working Session #2 (Concurrent Sessions)
4:35 PM – 5:00 PM Wrap-up/End
Concurrent Working Sessions: Please rank each session topic based on your interest during registration. Attendees will be able to participate actively in two sessions based on their rankings:
- Relationship to Standards and Mappings/Informative References: The relationship and alignment of the CSF to other cybersecurity frameworks, standards, and guidelines, as well as how informative references can be updated as they change.
- CSF Core Changes: Potential changes to the Functions, Categories, and Subcategories of the CSF Core (minus governance and supply chain cybersecurity topics, which will be discussed in separate sessions).
- CSF Guidance and Profiles: Potential updates to guidance to implement the CSF, including development of CSF Profiles and implementation of CSF outcomes in each Subcategory.
- Cybersecurity Governance: Potential changes to the CSF to address cybersecurity risk management governance.
- Cybersecurity Supply Chain Risk Management: Potential changes to the CSF to address cybersecurity supply chain risk management.
- Assessment and Measurement: Potential changes to the CSF to address assessment of cybersecurity risk management, as well as additional guidance on CSF Tiers.