RMF Discussion with Ron Ross, NIST
Nick Thomas with InfoSecSync and Kevin Cedeno chat with Dr. Ross about new and upcoming NIST guidance. The new NIST 800-37 vs 2 is known as Cyber Security Framework 2.0 and incorporates privacy and GDPR. The first privacy controls were introduced in 2011, and version 5 will be coming out later this fall and will incorporate all the privacy controls.
This framework is customizable. "Don’t let the Senior Leadership turn RMF into a compliance exercise." Ross
Listen to Dr. Ross explain how a screen saver is a control that would need to be tailored out in the case of our air traffic controllers.
“Let’s bring the warfighters mentality into the cyber area, we will win the fight.” Ross