Training TR1 – Security Controls: NIST SP 800-53 Revision 4

Kelley Dempsey, National Institute of Standards and Technology

Wednesday, 10:30-12:00

The National Institute of Standards and Technology (NIST), in collaboration with the Office of the Director of National Intelligence, the Department of Defense, and the Committee on National Security Systems (CNSS), is currently updating Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations. Revision 3, published August 2009, contains the first unified set of security controls for both non-national security and national security systems. Revision 4, scheduled for publication December 2011, will provide significant updates for controls in many new areas, including insider threats, supply chain, application security, industrial control systems, and privacy.



About the Instructor

Kelley Dempsey began her career in IT in 1986 as an electronics technician repairing PCs and printers before moving on to system administration and network management in the early 90s. While with the Department of the Navy in 1999, she began focusing on information system security by training for and then conducting a large-scale DITSCAP certification and accreditation from start to finish. In 2001, Kelley joined the NIST operational Information Security team, managing the NIST information system certification and accreditation program through September 2008. Kelley joined the NIST Computer Security Division FISMA team in October 2008, has co-authored NIST SP 800-128 (Security-Focused Configuration Management) and NIST SP 800-137 (Information Security Continuous Monitoring), and was also a major contributor to NIST SPs 800-53 Rev 3, 800-37 Rev 1, 800-53A Rev 1, and 800-39. Kelley completed a B.S. degree in Management of Technical Operations from Embry-Riddle Aeronautical University, graduating cum laude in December 2003, and earned a CISSP certification in June 2004.