In this episode Jacob talks with Dr. Ron Ross from NIST! This is the 2nd of a three-part series with Dr. Ross.

In the episode Dr. Ross shares a status update on NIST 800-171 revision 3. At the time of this recording, NIST has released the 1st initial draft, and the 1st public comment period has closed.

Here are some key topics we discussed:

• Notable changes in NIST 800-171 r3
• Thoughts on public comments
• Strategy on the ODPs
• Encryption (FIPS 140) control ODP
• Independent Assessment control
• Security Protection Assets
• Implementation examples

Dr. Ross is the author of multiple publications including Risk Management Framework (RMF), NIST 800-53, NIST 800-171, and many more!

Dr. Ross leads the FISMA Implementation Project which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.

He also leads the Joint Task Force, an interagency group that includes the DoD, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a unified information security framework for the federal government and its contractors.

Follow Ron on LinkedIn: https://www.linkedin.com/in/ronrossecure/

NIST CSRC Website: https://csrc.nist.gov/

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e11&utm_campaign=courses

Need a FedRAMP authorized Password Manager?

Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/

See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/