Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Ronald S. Ross (Fed)

Displaying 26 - 50 of 59

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

June 18, 2015

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie

[Superseded by SP 800-171 (June 2015, w/updates through 09/03/2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919562] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and

Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/22/2015]

January 22, 2015

Author(s)

Ronald S. Ross

[Rev. 4 was superseded by Rev. 5 on 9/23/2020; Rev. 4 will be withdrawn one year from that date, on 9/23/2019] This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

December 10, 2014

Author(s)

Ronald S. Ross

[Superseded by SP 800-53A Rev. 5 (January 2022): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933932] This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

June 10, 2014

Author(s)

Ronald S. Ross

This publication provides guidelines for applying the Risk Management Framework (RMF) to federal information systems. The six-step RMF includes security categorization, security control selection, security control implementation, security control

Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management

June 3, 2014

Author(s)

Kelley L. Dempsey, Ronald S. Ross, Kevin M. Stine

Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, reminds Federal agencies that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity

Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/15/2014]

January 15, 2014

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4(April 2013 w/ updates through 1/22/15): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917904] This publication provides a catalog of security and privacy controls for federal information systems and

Security and Privacy Controls for Federal Information Systems and Organizations [includes updates as of 5/7/13]

May 7, 2013

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/ updates through 1/15/14): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=915447] This publication provides a catalog of security and privacy controls for federal information systems and

Security and Privacy Controls for Federal Information Systems and Organizations

April 30, 2013

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/updates through 5/7/13): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913693]This publication provides a catalog of security and privacy controls for federal information systems and

Guide for Conducting Risk Assessments

September 17, 2012

Author(s)

Ronald S. Ross

The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying

What Continuous Monitoring Really Means

July 24, 2012

Author(s)

Ronald S. Ross

[Print Title: "Establishing a Secure Framework"] Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011

Author(s)

L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey

The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Managing Information Security Risk: Organization, Mission, and Information System View

March 1, 2011

Author(s)

Ronald S. Ross

The purpose of Special Publication 800-39 is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets

Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans

June 29, 2010

Author(s)

Ronald S. Ross, L A. Johnson

[Superseded by SP 800-53A Rev. 4 (December 2014): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917644] Special Publication 800-53A, Revision 1 provides guidelines for developing security assessment plans and associated security control

Recommended Security Controls for Federal Information Systems and Organizations [includes updates through 5/1/2010]

May 1, 2010

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918664] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and depth of security requirements

Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach

February 22, 2010

Author(s)

Ronald S. Ross, L A. Johnson

[Superseded by SP 800-37 Rev. 1 (February 2010, w/updates through 6/5/2014): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=916094] The purpose of SP 800-37 Rev 1 is to provide guidelines for applying the Risk Management Framework to federal

Recommended Security Controls for Federal Information Systems and Organizations [includes updates through 9/14/2009]

September 14, 2009

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 3 (August 2009 w/updates through 5/1/2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=903280] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and

Recommended Security Controls for Federal Information Systems and Organizations [includes updates through 8/12/2009]

August 12, 2009

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 3 (August 2009 w/updates through 9/14/2009): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918661] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and

Recommended Security Controls for Federal Information Systems and Organizations

August 3, 2009

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 3 (August 2009 w/updates through 8/12/2009): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918662] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and

Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans

July 1, 2008

Author(s)

Ronald S. Ross, L A. Johnson, Stuart W. Katzke, Patricia R. Toth, G. Stoneburner, G Rogers

[Superseded by NIST SP 800-53A, Rev. 1 (June 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906065] The purpose of NIST Special Publication 800-53A is to provide guidelines for building effective security assessment plans and

Managing Risk from Information Systems - Second Public Draft

April 9, 2008

Author(s)

Ronald S. Ross, Stuart W. Katzke, Marianne M. Swanson, L A. Johnson, G Stoneburner

Recommended Security Controls for Federal Information Systems

December 19, 2007

Author(s)

Ronald S. Ross, Stuart W. Katzke, L A. Johnson, Marianne M. Swanson

[Superseded by NIST SP 800-53 Rev. 3 (August 2009): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918663] This publication revises NIST SP 800-53 Revision 1 by adding specific guidance on the application of security controls to Industrial

NIST Delivers Strong and Flexible Security Standards Managing Enterprise Risk in a World of Sophisticated Cyber Threats

July 9, 2007

Author(s)

Ronald S. Ross

This article summarizes the fundamental concepts of the FISMA project and reinforces the core principles that have guided the project from its initiation in 2003.

Managing Enterprise Risk in Today's World of Sophisticated Threats: A Framework for Developing Broad-based, Cost-effective Information Security Programs

December 28, 2006

Author(s)

Ronald S. Ross

The Federal Information Security Management Act of 2002 places significant requirements on federal agencies for the protection of information and information systems including those systems comprising the critical infrastructure of the United States. The

Recommended Security Controls for Federal Information Systems

December 19, 2006

Author(s)

Ronald S. Ross, Stuart W. Katzke, L A. Johnson, Marianne M. Swanson, G Stoneburner, G Rogers

[Superseded by NIST SP 800-53 Revision 2 (December 2007): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51351] The purpose of this publication is to provide guidelines for selecting and specifying security controls for information systems

Minimum Security Requirements for Federal Information and Information Systems

March 1, 2006

Author(s)

Ronald S. Ross, Stuart W. Katzke, L A. Johnson

FIPS 200 is the second standard that was specified by the Federal Information Security Management Act (FISMA). It is an integral part of the risk management framework that the National Institute of Standards and Technology (NIST) has developed to assist