Training TR2 – Near Real-Time Risk Management Process: NIST SP 800-37

Patricia Toth, National Institute of Standards and Technology

Wednesday, December 8th, 15:30-17:00 & Thursday, December 9th, 10:30-12:00

The National Institute of Standards and Technology (NIST), in collaboration with the Office of the Director of National Intelligence, the Department of Defense, and the Committee on National Security Systems (CNSS), recently updated Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems (formerly the security certification and accreditation guideline). The revised publication transforms the traditional static, stovepiped certification and accreditation process into a process that supports near real-time risk management. This session describes how the process of certification and accreditation is integrated into the Risk Management Framework, and focuses on the continuous monitoring of security controls to determine the security state of organizational information systems and their environments of operation.

Prerequisites

None

About the Instructor

Patricia Toth is a Computer Scientist in the Computer Security Division at the National Institute of Standards and Technology. She graduated from the State University of New York Maritime College with a bachelor's degree in Computer Science and Math. Pat served on active duty with the U.S. Navy at the Naval Security Group Activity, Fort Meade, Maryland. Pat has worked on numerous documents and projects during her 18 years at NIST, including the Common Criteria and the Common Criteria Evaluation Program, and has served as Program Chair for the National Computer Security Conference. Most recently she has worked with the FISMA team to produce the family of FISMA documents and has produced a series of Quick Start Guides covering the Risk Management Framework.