Search Publications by: Victoria Yan Pillitteri (Fed)


NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide

October 21, 2024
Author(s)
Stephen Quinn, Victoria Pillitteri, Matthew Barrett, Matthew Smith, Gregory Witte
This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications

Assessing Security Requirements for Controlled Unclassified Information

May 14, 2024
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri
The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides

Automation Support for Control Assessments - Project Update and Vision

December 6, 2023
Author(s)
Eduardo Takamura, Jeremy Licata, Victoria Yan Pillitteri
In 2017, NIST published a methodology for supporting the automation of SP 800-53 control assessments in the form of IR 8011. IR 8011 is a multi-volume series that starts with an overview of the methodology (volume 1) and provides guidance and

Guide to Operational Technology (OT) Security

September 28, 2023
Author(s)
Keith A. Stouffer, Michael Pease, CheeYee Tang, Timothy Zimmerman, Victoria Yan Pillitteri, Suzanne Lightman, Adam Hahn, Stephanie Saravia, Aslam Sherule, Michael Thompson
This document provides guidance on how to secure operational technology (OT) while addressing their unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical

3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report

September 26, 2023
Author(s)
Yang Guo, Jeremy Licata, Victoria Yan Pillitteri, Sanjay (Jay) Rekhi, Robert Beverly, Xin Yuan, Gary Key, Rickey Gregg, Stephen Bowman, Catherine Hinton, Albert Reuther, Ryan Adamson, Aron Warren, Purushotham Bangalore, Erik Deumens, Csilla Farkas
High-performance computing (HPC) is a vital computational infrastructure for processing large data volumes, performing complex simulations, and conducting advanced machine learning model training. As such, HPC is a critical component of scientific

Assessing Enhanced Security Requirements for Controlled Unclassified Information

March 15, 2022
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri, Kelley L. Dempsey
The protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations is important to federal agencies and can directly impact the ability of the Federal Government to successfully carry out its assigned missions and business

Developing Cyber-Resilient Systems: A Systems Security Engineering Approach

December 8, 2021
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
NIST Special Publication (SP) 800-160, Volume 2, Revision 1, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with systems security engineering and resilience engineering to develop

Approaches for Federal Agencies to Use the Cybersecurity Framework

August 17, 2021
Author(s)
Jeffrey Marron, Victoria Yan Pillitteri, Jon M. Boyens, Stephen Quinn, Gregory Witte
The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards

Managing the Security of Information Exchanges

July 20, 2021
Author(s)
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged

ISCMA: An Information Security Continuous Monitoring Program Assessment

March 31, 2021
Author(s)
Victoria Yan Pillitteri, Kelley L. Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban
This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

February 9, 2021
Author(s)
Ronald S. Ross, Victoria Pillitteri, Gary Guissanie, Ryan Wagner, Richard Graubart, Deborah Bodeau
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential

Control Baselines for Information Systems and Organizations

December 11, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Control Baselines for Information Systems and Organizations

October 29, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

February 21, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Kelley L. Dempsey, Mark Riddle, Gary Guissanie
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

November 27, 2019
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
This publication is used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering--Systems life cycle processes, NIST Special Publication 800-160, Volume 1, Systems Security Engineering--Considerations for a Multidisciplinary Approach

Assessing Security Requirements for Controlled Unclassified Information

June 13, 2018
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Victoria Y. Pillitteri
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned