National Institute of Standards and Technology senior computer scientist Ron Ross has been called Mr. FISMA. As the project lead for the Federal Information Security Management Act implementation project, he plays a central role in setting cybersecurity requirements for federal agencies and providing guidance on how to meet those requirements.
Last year was a busy one for Ross, who helped establish guidelines that emphasize risk management and "continuous monitoring" over basic compliance. NIST has revamped the security authorization process, updated a guide to recommended security controls, and is finalizing a new risk management framework. Ross leads a partnership that's working to develop a more unified security framework across defense, civilian, and intelligence agencies; the new FISMA authorization process will be used by all federal organizations. Before joining NIST, Ross had a 20-year military career, during which he held various technical and leadership positions. He also worked on assignment for the National Security Agency.