Enhancing Resilience of the Internet and Communications Ecosystem

Tuesday, July 11, 2017 to Wednesday, July 12, 2017

The purpose of this workshop is to explore a range of current and emerging solutions to enhance the resilience of the Internet against automated distributed threats, such as botnets. Deployment of these solutions will depend upon the ability and willingness of various parties to take action.  Depending upon the specific solution, actions may be required by infrastructure providers, device manufacturers, system and network owners, research community, government, and/or standards developers. By exploring the solution space with a broad cross-section of participants, NIST hopes to identify promising avenues for all parties to enhance the resilience of the Internet.

NIST will produce a workshop proceedings document that summarizes the session discussions, captures findings, and identifies opportunities for next steps. Outputs of this workshop will also serve as input to implementation activities related to Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

GSA's 3rd Annual Enterprise Mobility Program Workshop and Showcase

Thursday, May 11, 2017

NCCoE security engineer, Joshua Franklin, will be speaking at the GSA's 3rd Annual Enterprise Mobility Program Workshop and Showcase on his work in mobile security. Joshua's work includes managing the NCCoE's Mobile Device Security projects, producing and publishing the Mobile Threat Catalogue, and supporting the recent Department of Homeland Security's Study on Mobile Device Security.

Cybersecurity Framework Workshop 2017

Tuesday, May 16, 2017 to Wednesday, May 17, 2017

This workshop will offer participants the opportunity to: 

  • Share and learn about Cybersecurity Framework users’ experiences that will help others in making effective use of the Framework,
  • Discuss and share their views about proposed updates to the Framework to assist NIST in finalizing Version 1.1 later in 2017, and
  • Learn about new Framework-related policy issues and the progress of others' technical work.

It will include multiple plenary sessions as well as concurrent breakout sessions. There will be ample opportunity for networking. The current agenda is available here

The Framework has been available and used by many organizations across the nation’s critical infrastructure and other sectors since February 2014 when it was published. It also is being used in other countries. This workshop is designed for people who already have a foundational knowledge of Framework.  NIST recommends that registrants visit the Framework’s web page and the Framework Overview webcast  to gain foundational knowledge before the workshop.

Among other information, visitors to that web page will find videos on two webcasts held on March 1 that introduce and review the Framework and describe in detail the proposed changes. 

This is a non-fee conference. Attendees will be able to purchase their own food and drinks using the NIST dining services or nearby restaurants.

NCCoE Workshop: Derived PIV Credentials

Tuesday, October 11, 2016

The NCCoE is currently working on a project which aims to explore and implement commercial off-the-shelf solutions that demonstrate derived PIV credential issuance, lifecycle management, and usage. On October 12, 2016, the NCCOE will host a workshop to present the current direction of the Derived PIV Credentials project (including a high level architecture and current technology partners) and to understand stakeholders’ implementations, challenges, and desired usage.


Pre-Workshop: Maritime and Oil & Natural Gas Open Session

Monday, April 4, 2016

In coordination with the upcoming National Institute of Standards and Technology (NIST) Cybersecurity Framework Workshop 2016, the NCCoE invites interested members of the maritime and oil & natural gas industries to identify and prioritize hard cybersecurity challenges that can be addressed jointly by the NCCoE and industry.

This NCCoE-facilitated Open Session will begin with a quick overview of the NCCoE's Use Case & Building Block identification process. We will then conduct a facilitated discussion identifying and prioritizing potential cybersecurity Use Case challenge statements to solve with technology partners in our labs. As part of the session, the NCCoE will share some candidate use cases identified during its work with the maritime and oil & natural gas industry to develop a Cybersecurity Framework Profile.

Date: Tuesday, April 5, 2016
Time: 12:00 p.m. - 2:00 p.m. (optional follow-on discussion 2:00 p.m. - 4:00 p.m.)
Location: NCCoE, 9700 Great Seneca Highway, Rockville, MD 20850

Register for this pre-workshop today

Workshop - Protecting Consumer Data: Securing Payment and Transaction Information

Monday, March 21, 2016

Cybersecurity incidents affecting consumer-facing businesses threaten the financial security of companies and the public, weakening consumer confidence, eroding individual privacy protections, and damaging the brand value and reputation of businesses.

Join the National Cybersecurity Center of Excellence (NCCoE) for a public workshop to help consumer-facing businesses improve the security around their payment ecosystem and better protect consumer information. Dive into technical issues, architectures, standards, and best practices surrounding multifactor authentication of online transactions and secure handling of sensitive, non-credit card consumer data with some of the brightest minds in this area.

Ultimately, your participation and expertise will result in a challenge statement that will form a new applied cybersecurity project at the NCCoE and lead to a NIST Cybersecurity Guide (Special Publication 1800 series).

Registration for this event is now closed. Find out more about walk-in registrations.  

For those who have registered, you should have received a confirmation email with details on logistics, including Wi-Fi and parking. You may also view that information online.


Date: March 22, 2016
Location: University of Alabama, Birmingham, 1400 University Boulevard, Hill Student Center, 3rd floor Ballroom, Birmingham, AL 35233


Please note: all times below are in Central Time.

8:30 a.m. – 9:00 a.m. - Coffee & Registration

9:00 a.m. – 9:15 a.m. - Welcome: Dean Palazzo, University of Alabama at Birmingham

9:15 a.m. – 9:45 a.m. - NCCoE Opening Remarks: Nate Lesser, Deputy Director, NCCoE

9:45 a.m. - 10:15 a.m. - Keynote Session: Brian Engle, Executive Director, R-CISC

10:15 a.m. – 11:30 a.m. - Panel Discussion: Combating Online Fraud – Multifactor Authentication for e-Commerce Transactions

Moderator: Mike Garcia, Deputy Director, NSTIC


  • Charles Bretz, Director of Payment Risk, Financial Services Information Sharing and Analysis Center (FS-ISAC)
  • Scott Frost, Chief Information Security Officer, Belk
  • Dr. Robert Martin, Vice President, Security Solutions, North America/Ingenico Group
  • Andrew Whelchel, Senior Technology Consultant, Fraud and Risk Intelligence, RSA  

11:30 a.m. – 11:45 a.m. - Break

11:45 a.m. – 1:00 p.m. - Panel Discussion: Safeguarding the Customer Profile – Secure Handling of Sensitive, Non-Credit Card Consumer Data

Moderator: Brian Abe, Project Lead, NCCoE/MITRE


  • Gerald Beuchelt, Chief Security Officer, Demandware
  • George Rice, Senior Director of Payments, HPE Security – Data Security
  • Jake Marcinko, Standards Manager, PCI Security Standards Council
  • Justin Simpson, Senior Manager, IT Risk & Security Governance Team, Walmart

1:00 p.m. – 2:00 p.m. - Lunch

2:00 p.m. – 3:15 p.m. - Technical Breakout Sessions

3:15 p.m. – 3:45 p.m. - Breakout Session Summaries/Prioritization of Topics

3:45 p.m. – 4:00 p.m. - Closing Remarks         


DoubleTree (next to the campus)
808 South 20th Street, Birmingham, Alabama, 35205

Residence Inn (next to campus)
821 20th St S, Birmingham, AL 35205

These listings are for information purposes only; they do not serve as an endorsement. There are other hotels very close to the UAB-Birmingham campus, including a Courtyard Marriott, Springhill Suites, etc.


As a result of conversations with consumer-facing businesses and associations, the NCCoE is proposing two technical projects to demonstrate the business value of more secure payment technologies/processes and more secure handling of consumer information. The NCCoE has worked closely with industry to prioritize their cybersecurity challenges as they relate to these areas. This highly interactive workshop will help finalize the challenge statements and begin to develop potential architectures for these projects, resulting in an initial white paper containing a detailed project description. Ultimately, the NCCoE will develop an example solution and publish that information in a NIST Cybersecurity Practice Guide, which provides detailed information on how to implement the solution.

Who Should Attend and Why

Executives at consumer-facing organizations should attend to share information on business drivers and constraints that would be relevant to any example solution.

Technical experts at consumer-facing organizations and payment ecosystem vendors – hardware, software, processors, financial institutions, etc. – should attend to provide critical technical information.

The consumer-facing/retail sector makes up the backbone of the American economy. This workshop will hone in on a technical cybersecurity challenge facing this sector and lay the groundwork for developing an example solution. Be part of the conversation to develop a challenge statement that incorporates your insight and expertise.


This event is graciously sponsored by

 HPE logo

Launch of NCCoE Medical Devices Use Case

Wednesday, December 17, 2014

The National Cybersecurity Center of Excellence (NCCoE) and the Technological Leadership Institute (TLI) at the University of Minnesota, in collaboration with members of the medical devices manufacturing and user community, have drafted a use case focused on the security of wireless medical infusion pumps. The two organizations will officially launch the new use case at an event on Thursday, December 18, 2014 in Minnesota. Gavin O’Brien, the NCCoE project leader for this use case, will attend, along with the leadership of the TLI and Minnesota Congressman Erik Paulsen. The use case will be available for public comment on the NCCoE website beginning on December 18.

7:30 - 9:00 a.m.

McNamara Alumni Center
University of Minnesota
200 SE Oak St
Minneapolis, MN 55414

There is no fee to attend. Please register at