2020 National Cyber Summit

Summit Speaker Brian Ruf

Session Information

Security Automation Simplified via NIST's Open Security Controls Assessment Language (OSCAL)
Wednesday, June 5, 2019 2:15 p.m. - 3:00 p.m.
Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. Additionally, the proliferation of container technology employed in cloud ecosystems for enhanced portability and security, compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions.
Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.
Von Braun Center - South Hall | Ballroom 2
Dr. Michaela Iorga photo
Dr. Michaela Iorga
Senior Security Technical Lead
National Institute of Standards and Technology
Dr. Iorga, a recognized expert in information security, risk assessment and information assurance for cloud, fog and IoT systems, has a deep understanding of cybersecurity, identity and credential management, and cyberspace privacy issues. In her capacity at NIST, she works with industry, academia, and other government stakeholders on developing vendor-neutral security and forensics guidance and standards. Dr. Iorga is also managing several NIST efforts that include the development of the Open Security Controls Assessment Language (OSCAL), the fog computing conceptual model, the cognitive-based IoT devices fingerprinting, and the risk management for cloud-based systems.
Brian Ruf CISSP, PMP photo
Brian Ruf CISSP, PMP
FedRAMP PMO SME
FedRAMP/GSA
Brian began his 30 year IT career as a programmer and network engineer. In the late 90’s he was part of a core team applying cyber security to a (then) next generation air traffic control system. Since 2000, he has led efforts for government agencies, pharmaceutical companies, telecommunication providers, and financial institutions on topics involving the intersection of risk management, cyber security, system development lifecycle methodologies, and process re-engineering. Brian joined the FedRAMP PMO in July 2015, where he was instrumental in the success of FedRAMP Accelerated and related improvements. Brian represents FedRAMP on the OSCAL development team, and is leading efforts to automate the FedRAMP authorization process.