Training TR2 – Cyber Security Controls: NIST SP 800-53 Rev3 & CNSSI 1253

Dr. Ron Ross, National Institute of Standards and Technology

Thursday, December 10th, 10:30-12:00

The National Institute of Standards and Technology (NIST), in collaboration with the Office of the Director of National Intelligence, the Department of Defense, and the Committee on National Security Systems (CNSS), recently updated Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations. This historic publication, for the first time, contains a unified set of security controls for both non national security and national security systems. This session provides an overview of the unified security control catalog and the security control selection process described in NIST SP 800-53, Revision 3, as well as an introduction to CNSS Instruction 1253, the publication that provides implementation guidance for the national security community using SP 800-53.

Prerequisites

None

About the Instructor

Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project for NIST, which includes the development of key security standards and guidelines for the federal government, support contractors, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication 800-53 (security controls guideline), NIST Special Publication 800-53A (security assessment guideline), NIST Special Publication 800-37 (security certification and accreditation guideline), and NIST Special Publication 800-39 (risk management guideline). Dr. Ross is also the principal architect of the NIST Risk Management Framework that provides a disciplined and structured methodology for integrating the suite of FISMA security standards and guidelines into a comprehensive enterprise-wide information security program.