Virtual Meeting: Overview of what is new in Draft NIST SP 800-53A, Victoria Pillitteri, NIST

When: Oct 18, 2021 from 11:30 to 13:00 (CT)
Associated with Huntsville Chapter
Topic: Overview of what is new in Draft NIST Special Publication (SP) 800-53A, Assessing Security and Privacy Controls in Information Systems and Organizations
Speaker: Victoria Yan Pillitteri, NIST
CPE Hours: 1

Background: Control assessments are not about checklists, simple pass/fail results, or generating paperwork to pass inspections or audits. The testing and evaluation of controls in a system or organization to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome are critical to managing and measuring risk. Additionally, control assessment results serve as an indication of the quality of the risk management processes, help identify security and privacy strengths and weaknesses within systems, and provide a road map to identifying, prioritizing, and correcting identified deficiencies.

Draft NIST Special Publication (SP) 800-53A, Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations, provides organizations with a flexible, scalable, and repeatable assessment methodology and assessment procedures that correspond with the controls in NIST SP 800-53, Revision 5. Like previous revisions of SP 800-53A, the generalized assessment procedures provide a framework and starting point to assess the enhanced security requirements and can be tailored to the needs of organizations and assessors. The assessment procedures can be employed in self-assessments or independent third-party assessments.

Learning Objectives:
  • The purpose of NIST SP 800-53A
  • About the updates in Draft SP 800-53A, Revision 5 and new resources to support use of the publication
  • About opportunities to engage and contribute your expertise to NIST publications

Speaker Bio:
Victoria Yan Pillitteri is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and leads the Risk Management Framework team (Federal Information Security Modernization Act (FISMA) Implementation Project). The group conducts the research and development of the suite of risk management guidance used for managing cybersecurity risk in the federal government, and the associated stakeholder outreach and public-private coordination/collaboration efforts. She serves as the lead of the Joint Task Force working group, a partnership with the Department of Defense, the Intelligence Community and Civilian Agencies to develop a unified security framework to protect USG from cyberattacks, and is co-chair of the Federal Cybersecurity and Privacy Professionals Forum hosted by NIST. Pillitteri is the co-author of multiple NIST publications, including Special Publications (SP) 800-53, 800-37, 800-171, 800-171A, 800-172, and 800-172A.

Ms. Pillitteri holds a B.S. in Electrical Engineering from the University of Maryland and an M.S. in Computer Science, with a concentration in Information Assurance, from the George Washington University, completed the Key Executive Leadership Program at American University, and is a Certified Information Systems Security Professional (CISSP). She has completed a Senior Executive Service Candidate Development Program and is SES certified by the Office of Personnel Management Qualifications Review Board.

IMPORTANT: Registration required in order to receive CPEs for attendance.

Location

Online Instructions:
Url: http://zoom.us/j/98436952538?pwd=MVY3aFM3SU4vK1JwTlpIQU93ajBZQT09
Login: Meeting ID: 984 3695 2538 Passcode: 481383

Pricing Information

Registration Price
All Registrants $0.00