The Future of NIST SP 800-53: Revision 6 and Beyond

NIST Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, provides a comprehensive set of countermeasures to protect systems and organizations and manage cybersecurity, privacy, and cyber supply chain risk. The SP 800-53 controls are used as part of a cybersecurity and privacy risk management process by organizations small and large, public and private, and across all sectors of the U.S. and international economy. In federal agencies, “800-53” is often synonymous with “FISMA implementation,” and is used as a common language to communicate cybersecurity, privacy and cyber supply chain outcomes within and across organizations. To keep pace with the dynamically changing threat landscape, organizations are leveraging more and more automation to make informed cybersecurity and privacy risk management and operational decisions, and NIST is also offering many new resources to support automation. The SP 800-53 controls, baselines, and assessment procedures are now available in PDF, spreadsheet, and various machine-readable formats to support adoption and use. NIST has also developed a new online tool to ensure that the controls can be kept up-to-date and encourage transparency and stakeholder engagement in the development process. Join us to learn more about what NIST is doing to simplify, automate and innovate the development and dissemination of NIST’s most downloaded publication, and the future of NIST SP 800-53.

Wednesday, December 8, 2021, 11am-12pm EST

This seminar can be viewed remotely via Microsoft Teams: Join here

Presentation located here. Recorded session is available through NASATube.

IS&T Colloquium Committee Host: Matt Dosberg

Victoria Yan Pillitteri
Acting Manager, Security Engineering and Risk Management
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology

Victoria Yan Pillitteri is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and leads the Risk Management Framework team (Federal Information Security Modernization Act (FISMA) Implementation Project). The group conducts the research and development of the suite of risk management guidance used for managing cybersecurity risk in the federal government, and the associated stakeholder outreach and public-private coordination/collaboration efforts. She serves as the lead of the Joint Task Force working group, a partnership with the Department of Defense, the Intelligence Community and Civilian Agencies to develop a unified security framework to protect USG from cyberattacks, and is co-chair of the Federal Cybersecurity and Privacy Professionals Forum hosted by NIST. Pillitteri is the co-author of multiple NIST publications, including Special Publications (SP) 800-53, SP 800-53A, SP 800-53B, 800-37, 800-171, 800-171A, 800-172, and 800-172A.


Ms. Pillitteri holds a B.S. in Electrical Engineering from the University of Maryland, an M.S. in Computer Science, with a concentration in Information Assurance, from the George Washington University, completed the Key Executive Leadership Program at American University, and is a Certified Information Systems Security Professional (CISSP). She has completed a Senior Executive Service Candidate Development Program and is SES certified by the Office of Personnel Management Qualifications Review Board.