NISTv2.0: Integrating NIST Frameworks (ERM/CSF/RMF)

Audience:

Security, IT, Risk Management, Policy Makers, and other business professionals who have responsibility for aspects of business or technical security can benefit from this course.

Prerequisites:

Basic computing skills and security knowledge.

Course Description:

This three-day Integrating NIST Frameworks (ERM/CSF/RMF) course helps students to understand the background and integration of several key frameworks from the National Institute of Standards and Technology (NIST). The course explains the background and application of NIST’s Cybersecurity Framework (CSF) version 2.0, Enterprise Risk Approach, and Risk Management Framework (RMF), and their relationship to other NIST models such as those for Cybersecurity Workforce, Privacy Risk Management, and Cybersecurity Supply Chain Risk Management (C-SCRM). Discussion also addresses NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, that many private organizations must apply within their own operations.

Using CSF’s proven components (updated in 2024) as a way to organize risk expectations, outcomes and communication, the course explains the interaction among mission objectives and priorities, risk management through the language of business, and application of those objectives for managing risk for business systems and services.

This course will help students apply CSF principles to treat cybersecurity risk management as an enterprise practice. The course helps security teams understand how to manage risk in light of executives’ priorities, and it helps leaders apply the necessary privacy & security enablers to be prepared for an ever-evolving cybersecurity risk landscape.