The NIST Risk Management Framework Team conducts the research and develops the suite of key cybersecurity risk management standards and guidelines, as required by Congressional legislation to support implementation of the Federal Information Security Modernization Act (FISMA) and to assist organizations better understand and manage cybersecurity risk for their systems and organizations.
We collaborate with the Cyber Supply Chain Risk Management Team in the NIST Computer Security Division and Privacy Engineering Team in the NIST Applied Cybersecurity Division to develop the suite of comprehensive risk management guidance.
For general inquiries on the NIST RIsk Management Framework and supporting publications, please email: sec-cert@nist.gov.
Victoria Yan Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and Project Leader of the Risk Management Framework (FISMA Implementation Project). She also serves as co-chair of the Federal Cybersecurity and Privacy Professionals Forum. For more about Victoria, see her Staff Profile Page. Email: victoria.yan@nist.gov |
|
Ron Ross a Fellow at the National Institute of Standards and Technology. His focus areas include computer security, systems security engineering, trustworthy systems, and security risk management. Dr. Ross currently leads the NIST Systems Security Engineering Project which includes the development of standards and guidelines for the federal government, contractors, and United States critical infrastructure. For more about Ron, see his Staff Profile Page. Email: ron.ross@nist.gov |
|
Kelley Dempsey is a Senior Information Security Specialist in the Computer Security Division at NIST. Her research and publication focus areas include information security continuous monitoring, control assessment automation, and risk management; she has co-authored a variety of publications related to information security risk management. For more about Kelley, see her Staff Profile Page. Email: kelley.dempsey@nist.gov |
|
Eduardo Takamura is a security researcher and a member of the RMF Team at NIST. Prior to joining NIST, Eduardo supported NASA and NOAA as (FISMA) Compliance Project Manager, ISSO, ISSE, Control Assessor, System Administrator, and served in other supervisory and non-supervisory IT-related capacities. While the highlight of his 22+ year professional career in support of the federal government was his service as ISSO for a NASA mission to Mars, the opportunity to serve federal cybersecurity and privacy professionals and their supporting contractors to help them manage risks is what brings him most professional joy and fulfillment. For more about Eduardo, see his Staff Profile Page. Email: eduardo.takamura@nist.gov |
|
Ned Goren is a security researcher and a member of the RMF (FISMA) Team at NIST. He is also the Computer Security Division security officer. Prior to joining NIST, he served as a control assessor and as an ISSO at the U.S. Census Bureau. For more about Ned, see his Staff Profile Page. Email: ned.goren@nist.gov |
|
Rahul Mittal is an IT Specialist and a member of the RMF (FISMA) Team at NIST. During his 10+ years as a federal employee, he has served as a Security Reviewer, ISSO, CISO, and most recently Branch Chief for Compliance and Customer Engagement Support for the Office of Chief Information Officer for HHS. In this role, he interacted with Operational Divisions across the agency and helped health professionals and their supporting contractors apply security and managing risks for systems being rapidly deployed in response to the COVID-19 pandemic. For more about Rahul, see his Staff Profile Page. Email: rahul.mittal@nist.gov |
|
|
Derek Sappington is an IT Specialist (Security) and a member of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). Prior to joining NIST, he served as a contractor at Huntington Ingalls Industries. For more about Derek, see his Staff Profile Page. Email: derek.sappington@nist.gov
|
Jeff Brewer is a Management and Program Analyst providing key logistical support as the Secretariat for the Federal Cybersecurity and Privacy Professionals Forum and the Federal Cyber Supply Chain Risk Management Forum. Jeff serves as the Designated Federal Officer (DFO) for the Information Security and Privacy Advisory Board (ISPAB) and performs COR Level II responsibilities for numerous contracts. Jeff is inspired daily by the team’s accomplishments and is happiest making things happen from behind-the-scenes. For more about Jeff, see his Staff Profile Page. Email: jeffrey.brewer@nist.gov |
Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act