Dr. Ronald Ross
Fellow, National Institute of Standards and Technology
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include computer security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project and Systems Security Engineering Project, which includes the development of security and privacy standards and guidelines for the federal government, contractors, and United States critical infrastructure. He also leads the Joint Task Force, an interagency group that includes the Department of Defense, Office of the Director of National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a Unified Information Security Framework for the federal government and its contractors. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. He also supports the U.S. State Department in the international outreach program for cybersecurity and critical infrastructure protection. During his twenty-year military career, Dr. Ross served as a White House aide and senior technical advisor to the Department of the Army. Dr. Ross has lectured at many universities and colleges including Stanford University, Massachusetts Institute of Technology, Dartmouth College, Pepperdine University, Naval Postgraduate School, Ohio State University, Auburn University, and Hood College. He also gave the Commencement address at George Washington University (School of Engineering).
Dr. Ross has authored or coauthored many publications on risk management, cybersecurity, systems security engineering, and cyber resiliency. His publications include Federal Information Processing Standards 199 (security categorization) and 200 (security requirements); and Special Publications 800-30 (risk assessments), 800-37 (Risk Management Framework), 800-39 (enterprise risk management), 800-53 (security and privacy controls), 800-53A (security control assessments), 800-160, Volume 1 (systems security engineering), 800-160, Volume 2 (cyber resiliency), 800-171 (protection of Controlled Unclassified Information in nonfederal systems and organizations), 800-172 (enhanced security requirements for advanced cyber-threats) and 800-171A (security assessments for nonfederal systems and organizations).