This workshop will give participants a chance to evaluate the good, bad and the ugly of the NIST proposed cybersecurity framework released in February 2013. The session will also discuss legal issues about the framework and its being considered a de facto standard for organizations in the U.S. Elements of the framework core will be evaluated for their theoretical and practical value.