NISTv2.0: Integrating NIST Frameworks (ERM/CSF/RMF)

This three-day Integrating NIST Frameworks (ERM/CSF/RMF) course helps students to understand the background and integration of several key frameworks from the National Institute of Standards and Technology (NIST). The course explains the background and application of NIST’s Cybersecurity Framework (CSF) version 2.0, Enterprise Risk Approach, and Risk Management Framework (RMF), and their relationship to other NIST models such as those for Cybersecurity Workforce, Privacy Risk Management, and Cybersecurity Supply Chain Risk Management (C-SCRM). Discussion also addresses NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, that many private organizations must apply within their own operations. Using CSF’s proven components (updated in 2024) as a way to organize risk expectations, outcomes and communication, the course explains the interaction among mission objectives and priorities, risk management through the language of business, and application of those objectives for managing risk for business systems and services. The course is developed and delivered by one of the primary CSF authors and includes materials help students to apply the CSF principles to treat cybersecurity risk management as an enterprise practice. The course helps security teams understand how to manage risk in light of executives’ priorities, and it helps leaders apply the necessary privacy & security enablers to be prepared for an ever-evolving cybersecurity risk landscape. Note that although this course has been developed and will be delivered by an engineer that participated in numerous NIST projects, NIST itself does not deliver or endorse any formal courses about their risk management or cybersecurity initiatives.