Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Journey to the NIST Cybersecurity Framework (CSF) 2.0 | Workshop #3

 

The collaborative process to update the NIST Cybersecurity Framework (CSF), toward CSF 2.0, continues! 

This final two-day NIST Journey to CSF 2.0 Workshop will be an opportunity to discuss the newly released Draft CSF 2.0.

This event will build on the virtual 
CSF 2.0 Workshop #2, our in-person working sessions, Request for Information (RFI), Concept Paper, Discussion Draft, and our first CSF 2.0 workshop. Comments shared virtually, in-person, or through other means will all be considered as input toward the Final CSF 2.0.

Day 1 | September 19 - Plenary and panel discussion day (event will be live-streamed, in addition to in-person)

Attendees will hear from NIST staff and expert panels, with the opportunity to discuss the Draft CSF 2.0 over Slack

Slides

 

Day 2 | September 20 – Working session day (offered only in person)

Attendees will actively participate in breakout sessions to share feedback on the Draft CSF 2.0; the sessions will not be recorded and there is no virtual participation.

 


 

Additional Considerations: Coffee and pastries will be provided each day, but catered lunch will not be offered. Please bring your own lunch or plan to briefly leave the building to find local lunch options if you’re attending in-person.

Parking is free, but limited; please try to carpool.

Pre-Event Items:  

Stay In Touch:

CE/CPE Credits

NIST does not provide specific information regarding CE credits. Attendees are welcome to use their registration confirmation as a means to self-report to their authoritative certification bodies.

Day 1: September 19, 9:00 AM – 4:00 PM – plenary and panel discussion day

 

 

Time

Title

Purpose

Panelists/Speaker

Moderator

9:00 AM

Opening Remarks

Welcome / Introduction of Director

Kevin Stine

N/A

9:05 AM

Welcoming Remarks

Welcoming Remarks

Charles H. Romine, Associate Director for Laboratory Programs, NIST

N/A

9:10 AM

Workshop Overview

Overview of Workshop / Rules of Engagement

Kevin Stine

N/A

9:15 AM

Panel 1

Conversation on CSF 2.0 Draft

Kevin Stine

Kevin Stine (Facilitating)

Cherilyn Pascoe

Amy Mahn

Jon Boyens

10:05 AM

Break

Break

N/A

N/A

10:25 AM

Panel 2

Governance

Anzea Gambale, TD

Matt Barrett, Cyber ESI

Vicky Ames, United Therapeutics Corp

Bryony Crown (UK)

11:15 AM

Break

Transition between Panels

N/A

N/A

11:25 PM

Panel 3

Cyber-Supply Chain Risk Management (C-SCRM content in CSF, is it in the goldilocks zone?)

Cassie Crossley, Schneider Electric

Nadya Bartol, BCG

Lee Kim, JD CISSP CIPP/US

Taro Hashimoto, NTT

12:15 PM

Lunch

Break

N/A

N/A

1:30 PM

Panel 4

Guidance on CSF Implementation (cover Profiles, Tiers & Implementation Examples)

Ben Shariati, UMBC

Cherilyn Pascoe, NIST

Kelly Hood, Optic Cyber

Steve Vetter, Cisco

Julie Snyder, MITRE

2:20 PM

Break

Break

N/A

N/A

2:40 PM

Panel 5

Informative References

Kent Landfield, Trellix

Mike Fagan, NIST

Laura Lindsay, Microsoft

Jamie Williams, MITRE

3:30 PM

Break

Transition between Panels

N/A

N/A

3:40 AM

Closing Remarks - Day 1

Wrap up Day 1 of the Workshop

Kevin Stine

N/A

4:00 PM

Fin

End of Day 1

N/A

N/A

Day 2: September 20, 9:00 AM – 4:25 PM – concurrent working sessions day

Start Time (EDT)

Session Name/Information 

9:00 AM

Welcome & Opening Remarks

9:05 AM

Overview & Rules of Engagement

9:10 AM

Breakout Session #1

10:40 AM

Break

11:00 AM

Breakout Session #2

12:30 PM

Lunch 

2:00 PM

Breakout Session #3 

3:30 PM

Break

3:40 PM

Summary & Closing Remarks

4:25 PM Workshop Ends

Working Sessions: 

  1. Cybersecurity Governance (CSF Govern in Appendix C and Implementation Examples, Section 4, Appendix B)
  2. Cybersecurity Supply Chain Risk Management with the Framework (GV.SC, Section 3.5)
  3. CSF Core (Identify, Protect, Detect, Respond, Recover of Appendix C and Implementation Examples)
  4. Framework Guidance: Profiles and Tiers (Sections 3.1, 3.2, 3.3, and 3.4, Appendix A, Appendix B)
  5. Mappings of Informative References, Online CSF 2.0 Core (CSF 2.0 Reference Tool)
Created August 7, 2023, Updated October 12, 2023