Travis Howerton on Automating Security & Compliance

In this episode, Tom welcomes back Travis Howerton and they explore the importance of NIST 800-53 Rev. 5, the latest version of the National Institute of Standards and Technology's security guidance for organizations. With new controls to address privacy and a heightened focus on supply chain and third-party risk, this version of the NIST standard is essential for organizations to access government contracts and revenue and is increasingly important to protect organizations from cyberattacks. Automation is also becoming increasingly necessary to help organizations meet these standards, highlighting the need for continuous improvement of security measures. This episode goes in-depth on NIST 853 Rev Five, making it a must-listen for organizations looking to stay secure and compliant.
The US government is increasingly turning to automation and AI to meet its security and compliance standards. With the transition of FedRAMP from guidance to law, companies are now required to use it and meet certain cybersecurity standards to do business with the US government. NIST 800-53 Rev. 5 addresses regulatory change around privacy with GDPR and other things and includes new control families and changes to existing ones.
As the government continues to revise its standards, the need for automation is becoming increasingly important. The National Institute of Standards and Technology (NIST), a standards body within the federal government, is working with the Open Security Controls Assessment language (OSCAL) team to develop standards. NIST has interacted closely with the OSCAL team, creating an open-source repo on GitHub and building communities of interest. Additionally, NIST works with other government agencies, tool providers, and industry to develop standards.
FedRAMP provides clarity of goal for vendors and customers but is expensive and time consuming to achieve. Cybersecurity is no longer a cost center, but a requirement to do business with the US government. The Department of Defense requires companies to meet certain cybersecurity standards to do business with them. Other agencies are taking similar stances in regard to cybersecurity. Companies are now required to have a compliance program to do business with them. Cybersecurity is now seen as one of the top risks to businesses, causing legal risk, revenue loss, and embarrassment.
Key Highlights
·      NIST 800-53 Rev. Five
·      NIST and FedRAMP
·      Cybersecurity Requirements
·      Cybersecurity Regulations
·      Continuous Improvement of Standards
 Resources
 Travis Howerton on LinkedIn
RegScale
Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn