Back in October I was in Baltimore for NIST's 2018 Cybersecurity Risk Management Conference. For those not aware, let me break this down. NIST is the National Institute of Standards and Technology, a non-regulatory research arm of the Department of Commerce. For those of us in the IT and infosec world, we know NIST for their SP800 and SP1800 series of documents on various IT and infosec topics, for creating the Risk Management Framework (sometimes called FISMA) and the Cybersecurity Framework (CSF).
For the last two years they held annual workshops for the CSF (these were actually the 7th and 8th), which I was able to attend and previously reported on. The main purpose of these workshops was to bring people together to look at the future of the CSF, and develop the next version, which was v1.1 that came out earlier this year.
This year we instead got a 3-day conference held at a hotel in Baltimore. It was a mix of plenary sessions, work sessions, panel discussions, and presentations. There were also working lunches for those who paid extra for ‘catering’.
The number of sessions was almost overwhelming, as there were about 8-9 sessions going on at once during certain periods. Some of the slide decks from these presentations are made available, as there was almost too much information.
Some of the items I learned were details on the updates going on with various documents related to FISMA. I knew this was going on, but got more details. I also learned more about the plans for PCI-DSS v4, which is planned for development over the coming year. I also learned more about the Baldrige Cybersecurity Excellence Builder (which will have an update early next year).
There were some problems, I think due to the change in venue and expansion from the workshops. I hope these will be addressed for the next one. At this point, we don’t know when or even where the next one will be. So we’ll have to see. I hope I can attend the next one as well.
*** This is a Security Bloggers Network syndicated blog from Michael on Security authored by Michael R. Brown. Read the original post at: http://michaelonsecurity.blogspot.com/2019/02/2018-nist-cybersecurity-risk-management.html