[2/27/24, 11:00 AM EST] CSRC has been experiencing technical issues. If you are unable to access a CSRC page or resource, or get a 503 error, please try reloading the page several times--it may help to wait a few minutes before trying again. We apologize for the inconvenience, and hope to have a solution in place next week.
The NIST Risk Management Framework Team conducts the research and develops the suite of key cybersecurity risk management standards and guidelines, as required by Congressional legislation to support implementation of the Federal Information Security Modernization Act (FISMA) and to assist organizations better understand and manage cybersecurity risk for their systems and organizations.
We collaborate with the Cyber Supply Chain Risk Management Team in the NIST Computer Security Division and Privacy Engineering Team in the NIST Applied Cybersecurity Division to develop the suite of comprehensive risk management guidance.
Victoria Yan Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and Project Leader of the Risk Management Framework (FISMA Implementation Project). She also serves as co-chair of the Federal Cybersecurity and Privacy Professionals Forum.
For more about Victoria, see her Staff Profile Page.
Ron Ross a Fellow at the National Institute of Standards and Technology. His focus areas include computer security, systems security engineering, trustworthy systems, and security risk management. Dr. Ross currently leads the NIST Systems Security Engineering Project which includes the development of standards and guidelines for the federal government, contractors, and United States critical infrastructure.
For more about Ron, see his Staff Profile Page.
Eduardo Takamura is a security researcher and a member of the RMF Team at NIST. Prior to joining NIST, Eduardo supported NASA and NOAA as (FISMA) Compliance Project Manager, ISSO, ISSE, Control Assessor, System Administrator, and served in other supervisory and non-supervisory IT-related capacities. While the highlight of his 22+ year professional career in support of the federal government was his service as ISSO for a NASA mission to Mars, the opportunity to serve federal cybersecurity and privacy professionals and their supporting contractors to help them manage risks is what brings him most professional joy and fulfillment.
For more about Eduardo, see his Staff Profile Page.
Derek Sappington is an IT Specialist (Security) and a member of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). Prior to joining NIST, he served as a contractor at Huntington Ingalls Industries.
For more about Derek, see his Staff Profile Page.
Jeremy Licata is a security practitioner and a member of the RMF Team at NIST. Over his career, he has supported several federal agencies and not-for-profit organizations in a full spectrum of IT-related capacities, most recently supporting the NASA security program as a lead security control assessor. His ongoing focus is to empower stakeholders to better understand their security posture amidst ever-changing technologies.
For more about Jeremy, see Staff Profile Page.
Jeff Brewer is a Management and Program Analyst providing key logistical support as the Secretariat for the Federal Cybersecurity and Privacy Professionals Forum and the Federal Cyber Supply Chain Risk Management Forum. Jeff serves as the Designated Federal Officer (DFO) for the Information Security and Privacy Advisory Board (ISPAB) and performs COR Level II responsibilities for numerous contracts. Jeff is inspired daily by the team’s accomplishments and is happiest making things happen from behind-the-scenes.
For more about Jeff, see his Staff Profile Page.