NIST Cybersecurity History with Dr. Ron Ross
HTML-код
- Опубликовано: 16 июл 2024
- In this episode Jacob talks with Dr. Ron Ross from NIST! This is the 1st of a three-part series with Dr. Ross.
In the episode Dr. Ross shares the fascinating history of NIST’s involvement in cyber security!
Here are some key topics we discussed:
- How he started at NIST and the projects he has worked on
- NIST's and the Joint Task Force's Mission
- How he convinced the DoD to transition from DIACAP to RMF
- The history of continuous monitoring program
- The origins of NIST 800-171
- Why NIST did not adopt ISO 27001
- The goal of NIST 800-160
Dr. Ross is the author of multiple publications including Risk Management Framework (RMF), NIST 800-53, NIST 800-171, and many more!
Dr. Ross leads the FISMA Implementation Project which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.
He also leads the Joint Task Force, an interagency group that includes the DoD, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a unified information security framework for the federal government and its contractors.
Follow Ron on LinkedIn: / ronrossecure
NIST CSRC Website: csrc.nist.gov/
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: grcacademy.io/courses/?...
Need a FedRAMP authorized Password Manager?
Start a free 14-day trial of Keeper: grcacademy.io/ref/keeper/b2b-...
See the CMMC controls that Keeper meets: grcacademy.io/ref/keeper/cmmc...
00:00 Beginning
00:24 Ron's background
01:21 The mission of NIST
02:31 How Ron started at NIST
04:10 Difference between frameworks and standards
04:38 Types of NIST publications
05:34 How Ron convinced the DoD and others to adopt RMF
08:13 The history of continuous monitoring program
10:51 The history of NIST 800-171
15:16 How NIST gets feedback on publications
17:24 Does NIST track the adoption of its publications?
19:37 Why NIST did not adopt ISO 27001
21:41 The goal of NIST 800-160
27:01 NIST's position on public-private partnerships
29:02 Conclusion 
Наука
What a fascinating conversation!
Agreed, glad you enjoyed it!!
Great insights!
Glad you enjoyed it, Derrich! Appreciate your support!