Tuesday, 6 PM, 2-hour event. Speaker: Robin Basham
Please, Just Tell Me What to Do
Building Cloud Products for Federal Agencies – Using NIST to Shift Compliance Left
Vendors and consultants working with Federal Agencies are required to build secure products and services, mapped to a commonly defined set of security controls (outcomes), and to do so using a cybersecurity framework that addresses the shared cybersecurity responsibilities. The most widely used set of categorized outcomes (a.k.a. control families or control objectives) is the security controls in NIST SP 800-53 Rev. 5, Security and Privacy Controls for Federal Information Systems and Organizations.
People often confuse the NIST RMF requirement with the implementation of the SP 800-53 security and privacy controls catalog. This discussion clarifies what "NIST Compliance", the RMF, is really about.
NIST guidance offers protection measures that address threats to US critical infrastructure and the continuity of our government.
If you want to build cloud products for Federal Agencies, you had better be prepared to understand what the NIST RMF is all about.
About the speaker: Owner, EnterpriseGRC Solutions; President, ISC2 East Bay; Certified Information Systems Security Professional (CISSP), Audit (CISA), Governance (CGEIT) and Risk (CRISC NA); ICT GRC expert and early adopter in both certifying and offering certification programs for Cloud Security and Virtualization (CRP, VRP), with industry experience in the management of systems, controls and data for SaaS (IaaS and PaaS), Finance, Healthcare, Banking, Education, Defense, and High Tech. Positions held include Technology Officer at State Street Bank, leading Process Engineering for a major New England CLEC, Sr. Director of Enterprise Technology for multiple advisory firms, founding, engineering products for and running two governance software companies, and past Director of Enterprise Compliance for a major player in the mortgage industry, Ellie Mae. Until recently full time at Cisco as Sr. Unified Compliance and ISMS Program Manager, Robin currently provides research and training content to major cybersecurity vendors, leads LSHC in support of three MDM clients, and donates substantial time to supporting social platform security to further social democracy. Robin contributed a mapping refresh for NIST 171/172 to Dr. Ron Ross and Victoria Yan Pillitteri's FISMA team and led the CCM v4.5 to NIST 800-53r5 working group. She is also a past board member of the ISACA SV Chapter. As a lifetime achievement, Robin has convinced over 500 people to stand up and speak on topics involving security and technology.
Currently, Robin is working to promote new mappings for the NIST CSF and Privacy Frameworks, CCM 4.5, CIS-CSC v8, SOC 2, NIST 171/172, and ISO/IEC 27001/27002/27017.