NIST’s Ron Ross on baking security into the government’s software systems

Host Kevin Greene and guest Ron Ross, a fellow at the National Institute of Standards and Technology, discuss cybersecurity practices that can improve the way the federal government builds, designs and acquires software systems. Ross shares upcoming improvements federal agencies can expect as part of additions to NIST special publications, in particular NIST 800-53 and NIST 800-160.

Ross leads the Federal Information Security Management Act Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors and the U.S. critical information infrastructure. He is the principal architect of the NIST Risk Management Framework, a multi-tiered approach that provides a disciplined and structured methodology for integrating the suite of security standards and guidelines into a comprehensive enterprisewide information security program.

This year, Ross was inducted into the National Cyber Security Hall of Fame. He is also a recipient of the Samuel J. Heyman Service to America medal for Homeland Security and Law Enforcement.


FedScoop’s podcast series “Cybersecurity Insights & Perspectives” explores the latest news and developments in cybersecurity and information assurance affecting federal agencies, featuring some of the top commercial and academic research experts in the country.

Host Kevin Greene has more than 17 years of cybersecurity and information assurance experience. His contributions to FedScoop represent his own views and do not reflect the positions or policies of any federal agency. Follow him at @iamkevtorious.

New episodes are posted every other Wednesday at noon (ET), at the beginning and middle of each month. Look for Part 2 of our conversation with Ron Ross in the next episode, December 16.