Ron Ross, NIST's Infosec Guru, on the Institute's Latest Transformational Guidance

Published: Nov. 20, 2009, 1:48 p.m.

The National Institute of Standards and Technology characterizes its new guidance, released this past week, as transformational, and no one can speak more authoritatively about it than Ron Ross, NIST's highly regarded senior computer scientist, information security researcher and FISMA implementation project leader, who co-authored the guide.

Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, encourages ongoing system authorization, supported by robust continuous monitoring processes, in place of the periodic reauthorization of the older certification and accreditation cycle.

Why is this revision of SP 800-37 significant? Here's Ross' response:

"There are a lot of reasons; I think the obvious one that everybody is talking about is its continuous monitoring aspects. This really reflects the significant uptake in the threats and the type of attacks that we've seen grow almost exponentially over the past couple of years. The adversaries are launching more attacks; they're more sophisticated, and we have to have the tools, the techniques and the type of technologies available, and deploy those with the appropriate strategy and tactics to really make a difference in helping defend our systems. The new 37 is intended to recast the previous C&A (certification and accreditation) process that we've been using for decades, just to reflect the up tempo of the kind of threat base we operate in today."

In the interview, Ross also addresses:

  • The move toward real-time monitoring of information systems.
  • A three-year collaboration with information security experts from the military, intelligence agencies and the private sector to create the guidance.
  • How the six-step risk management framework, aimed at building security into new technology, can be employed to minimize risk in legacy systems.

Ross was interviewed by GovInfoSecurity.com managing editor Eric Chabrow.

(Earlier this year, in another interview with GovInfoSecurity.com, Ross discussed the challenges of achieving a totally secure IT system; audio and a transcript of that interview are also available.)

Ross also supports the State Department in the international outreach program for information security and critical infrastructure protection. He previously served as the director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency.

A graduate of the United States Military Academy at West Point, Ross served in a variety of leadership and technical positions during his 20-year career in the Army. While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an interagency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. He's a two-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government. During his military career, Ross served as a White House aide and as a senior technical advisor to the Department of the Army.

Ross is a graduate of the Program Management School at the Defense Systems Management College and holds master's and Ph.D. degrees in computer science from the United States Naval Postgraduate School.