COBIT, ISO/IEC 27001, NIST 800.53, PCI, oh my. The path to compliance is not a yellow brick road. IT professionals face a variety of security standards that they must meet simultaneously. This talk will present the NIST Open Security Controls Assessment Language (OSCAL) project as a way to standardize control, implementation and assessment information using an open, machine-readable format.
1: Understand how to leverage automation to secure systems against multiple standards.
2: Learn how OSCAL is designed and how it can be used.
3: Discover how you can be a part of developing this new standard of standards.
Speakers: Anil Karmel, David Waltermire
Anil Karmel is the Co-Founder and CEO of C2 Labs, a company that partners with organizations on their digital transformation journey, from designing and implementing IT Strategic Plans to rationalizing application portfolios and cutting-edge R&D, allowing IT to take back control leveraging our forward-leaning products and services. Formerly, Karmel served as the National Nuclear Security Administration’s (NNSA) Deputy Chief Technology Officer. Within NNSA, Karmel served as the Chief Architect and Implementation Lead for a range of enterprise information technology solutions. Karmel and his team garnered industry and government accolades, including the SANS National Cybersecurity Innovators Award, InformationWeek 500 Top Government IT Innovators and the DOE Secretary’s Achievement Award.
David Waltermire is the Lead Standards Architect for the Security Automation Program at the National Institute of Standards and Technology. He is a significant contributor to the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP), Continuous Monitoring and other security automation projects. He has worked as a Security Consultant advancing security automation capabilities within the government sector. His background is in systems and network operations for Internet service providers and also working as a Software Engineer designing and developing distributed systems. His research experience includes incident handling, continuous monitoring, vulnerability identification, anomaly detection, and data analysis and modelling techniques.