Publications

Displaying 51 - 75 of 120

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 09-03-2015]

October 1, 2015

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie

[Supersedes SP 800-171 (June 2015, updated 1/14/2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=920191] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

June 18, 2015

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie

[Superseded by SP 800-171 (June 2015, w/updates through 09/03/2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919562] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and

Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/22/2015]

January 22, 2015

Author(s)

Ronald S. Ross

[Rev. 4 was superseded by Rev. 5 on 9/23/2020; Rev. 4 will be withdrawn one year from that date, on 9/23/2019] This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

December 10, 2014

Author(s)

Ronald S. Ross

[Superseded by SP 800-53A Rev. 5 (January 2022): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933932] This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

June 10, 2014

Author(s)

Ronald S. Ross

This publication provides guidelines for applying the Risk Management Framework (RMF) to federal information systems. The six-step RMF includes security categorization, security control selection, security control implementation, security control

Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management

June 3, 2014

Author(s)

Kelley L. Dempsey, Ronald S. Ross, Kevin M. Stine

Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, reminds Federal agencies that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity

Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/15/2014]

January 15, 2014

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4(April 2013 w/ updates through 1/22/15): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917904] This publication provides a catalog of security and privacy controls for federal information systems and

Security and Privacy Controls for Federal Information Systems and Organizations [includes updates as of 5/7/13]

May 7, 2013

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/ updates through 1/15/14): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=915447] This publication provides a catalog of security and privacy controls for federal information systems and

Security and Privacy Controls for Federal Information Systems and Organizations

April 30, 2013

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/updates through 5/7/13): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913693]This publication provides a catalog of security and privacy controls for federal information systems and

Guide for Conducting Risk Assessments

September 17, 2012

Author(s)

Ronald S. Ross

The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying

What Continuous Monitoring Really Means

July 24, 2012

Author(s)

Ronald S. Ross

[Print Title: "Establishing a Secure Framework"] Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011

Author(s)

L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey

The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Managing Information Security Risk: Organization, Mission, and Information System View

March 1, 2011

Author(s)

Ronald S. Ross

The purpose of Special Publication 800-39 is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets

Search Publications by: Ronald S. Ross (Fed)