Ms. Nelson currently serves as the Information Technology Security Officer and Privacy Liaison for the NIST Office of the Director, managing all IT security- and privacy-related activities across the organization to ensure the availability, integrity, confidentiality, and protection of customer, business partner, employee, and NIST programmatic information in compliance with the U.S. Federal Information Security Modernization Act (FISMA) and NIST's IT Security Program.
Title of Talk: Risk-Based Security Control Assessments for Federal Information Systems
Description of Talk: In support of compliance with the Federal Information Security Modernization Act (FISMA), the National Institute of Standards and Technology (NIST) has developed a framework, including a set of Federal Information Processing Standards (FIPS), that government agencies are required to use in order to achieve compliance. Additionally, many non-governmental and commercial organizations have willingly adopted FISMA in order to achieve the high level of assurance for information security that compliance provides. This talk will provide a high-level overview of how NIST performs security control assessments of the services, applications, and systems, including those in the cloud, that it uses to support the organizational mission.