NIST Agenda August 16-17, 2007

Below is the current NIST Agenda.

August 16th
1:00pm-1:30pm Introduction to NIST’s Risk Management Framework (RMF) and related standards and guidelines, including NIST Special Publication (SP) 800-53, Revision 1.

  • History, status, public review process
  • Primer on the RMF and SP 800-53, Revision 1
  • Effort to harmonize with ISO/IEC 27000 series documents
1:30pm-2:00pm Federal agencies’ experiences in applying the RMF and related standards and guidelines to general information system (i.e., non-ICS environments)
2:00pm-2:30pm Federal agencies’ experiences in applying the RMF and related standards and guidelines to ICS
2:30pm-3:00pm Introduction to NIST’s SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security and the ICS augmentation of NIST Special Publication (SP) 800-53, Revision 1

  • History of SP 800-82 and the ICS augmentation of NIST Special Publication (SP) 800-53, Revision 1
  • Process for developing and reviewing ICS-related documents
  • Status of the documents
3:00pm-3:30pm Federal agencies’ experiences in applying the ICS augmentation of NIST Special Publication (SP) 800-53, Revision 1
3:30pm-4:00pm Private sector practice and experience with ICS cyber security
4:00pm-4:45pm Discussion on ICS standards convergence/harmonization

  • Motivation: importance of convergence, diversity is not good
  • Stakeholders & communities
  • Role of NERC CIPs

Breakout discussions: Whether and how to achieve convergence (Part 1)
Questions to Guide Breakout Groups:

  • Do you think that convergence of standards is important?
  • Based on prior knowledge and what you heard here, are the NIST RMF and the ICS augmentation of SP 800-53, Revision 1 a good basis for convergence?
  • What issues need to be discussed at this workshop?
4:45pm-5:00pm Status reports from breakout groups:

  • Determining next day’s agenda (based in part on the status reports)
August 15th
9:00am-11:00am Continue breakout discussions: Whether and how to achieve convergence (Part 2)
11:00am-11:30am Reporting on breakout sessions
11:30am-Noon Next steps