Your Tax Dollars Hard at Work: How 800-53 and STIGs Help in Non-government Space
OVERVIEW
As a newly minted IT director, I knew enough about Information Assurance/INFOSEC/Cybersecurity to know that I didn’t know enough, and smartly hired it out. I wished that I had known of good study materials to help me understand what security risks needed to be met, and step-by-step instructions to harden my systems. Years later, I was exposed to the Risk Management Framework (RMF) and learned about Security Technical Implementation Guides (STIGs) and NIST 800-53 (security controls handbook). Had I known about these back then, I would have been a much better IT director. I am sure that there are those working in non-government space who don’t know what these are. This talk is to provide a tour of NIST 800-53 and STIGs for non-governmental employees, to help them see how to protect their networks, what levels of control implementation are appropriate, and a basic hands-on how-to guide.