Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Publications

Search Publications by Ronald S. Ross

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 56

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

February 9, 2021
Author(s)
Ronald S. Ross, Victoria Pillitteri, Gary Guissanie, Ryan Wagner, Richard Graubart, Deborah Bodeau
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential

Control Baselines for Information Systems and Organizations

December 11, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate- impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Control Baselines for Information Systems and Organizations

October 29, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

September 23, 2020
Author(s)
Ronald S. Ross
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

February 21, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Kelley L. Dempsey, Mark Riddle, Gary Guissanie
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

November 27, 2019
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
This publication is used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering--Systems life cycle processes, NIST Special Publication 800-160, Volume 1, Systems Security Engineering--Considerations for a Multidisciplinary Approach

Guide for Security-Focused Configuration Management of Information Systems

October 11, 2019
Author(s)
Arnold Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
[Includes updates as of October 10, 2019] Guide for Security-Focused Configuration Management of Information Systems provides guidelines for organizations responsible for managing and administering the security of federal information systems and associated

Assessing Security Requirements for Controlled Unclassified Information

June 13, 2018
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Victoria Y. Pillitteri
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 02-20-2018]

February 20, 2018
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 06/07/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 11-28-2017]

November 28, 2017
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 02/20/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

Rethinking Security through Systems Security Engineering

December 21, 2016
Author(s)
Ronald S. Ross, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-160: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. The publication addresses the engineering-driven

Protection of Controlled Unclassified Information

October 19, 2015
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The publication the protection of Controlled Unclassified Information (CUI) while