Training TR1 – Cyber Security Controls: NIST SP 800-53 Rev3 & CNSSI 1253

Kelley Dempsey, National Institute of Standards and Technology

Wednesday, December 8th, 10:30-12:00 & 13:30-15:00

The National Institute of Standards and Technology (NIST), in collaboration with the Office of the Director of National Intelligence, the Department of Defense, and the Committee on National Security Systems (CNSS), recently updated Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations. This historic publication, for the first time, contains a unified set of security controls for both non-national security and national security systems. This session provides an overview of the unified security control catalog and the security control selection process described in NIST SP 800-53, Revision 3, as well as an introduction to CNSS Instruction 1253, the publication that provides implementation guidance for the national security community using SP 800-53.



About the Instructor

Kelley Dempsey began her career in information technology in 1986 as an electronics technician repairing PCs and printers before moving on to system administration and network management throughout the 1990s. While employed by the Department of the Navy in 1999, she began focusing on information system security by training for and conducting large-scale DITSCAP system accreditations from start to finish. Kelley and her husband moved to the DC area from California in the spring of 2001, and Kelley joined the NIST operational Information Security team, managing the NIST information system certification and accreditation program through September 2008. Kelley joined the NIST Computer Security Division FISMA team in October 2008 and is a co-author of NIST SP 800-128 Security Configuration Management (draft) and the upcoming NIST SP 800-137 Continuous Monitoring Guidance (working title only). Kelley has also been a major contributor to NIST SPs 800-53 Rev 3, 800-37 Rev 1, and 800-53A Rev 1. Kelley completed a B.S. degree in Management of Technical Operations from Embry-Riddle Aeronautical University, graduating cum laude in December 2003, and maintains a CISSP certification earned in June 2004.