Tag: Travis Howerton

Categories
Innovation in Compliance

Innovation in Compliance – Travis Howerton on Automating Security & Compliance

In this episode, Tom welcomes back Travis Howerton and they explore the importance of NIST 800-53 Rev. 5, the latest version of the National Institute of Standards and Technology’s security guidance for organizations. With new controls to address privacy and a heightened focus on supply chain and third-party risk, this version of the NIST standard is essential for organizations to access government contracts and revenue and is increasingly important to protect organizations from cyberattacks. Automation is also becoming increasingly necessary to help organizations meet these standards, highlighting the need for continuous improvement of security measures. This episode goes in-depth on NIST 853 Rev Five, making it a must-listen for organizations looking to stay secure and compliant.

The US government is increasingly turning to automation and AI to meet its security and compliance standards. With the transition of FedRAMP from guidance to law, companies are now required to use it and meet certain cybersecurity standards to do business with the US government. NIST 800-53 Rev. 5 addresses regulatory change around privacy with GDPR and other things and includes new control families and changes to existing ones.

As the government continues to revise its standards, the need for automation is becoming increasingly important. The National Institute of Standards and Technology (NIST), a standards body within the federal government, is working with the Open Security Controls Assessment language (OSCAL) team to develop standards. NIST has interacted closely with the OSCAL team, creating an open-source repo on GitHub and building communities of interest. Additionally, NIST works with other government agencies, tool providers, and industry to develop standards.

FedRAMP provides clarity of goal for vendors and customers but is expensive and time consuming to achieve. Cybersecurity is no longer a cost center, but a requirement to do business with the US government. The Department of Defense requires companies to meet certain cybersecurity standards to do business with them. Other agencies are taking similar stances in regard to cybersecurity. Companies are now required to have a compliance program to do business with them. Cybersecurity is now seen as one of the top risks to businesses, causing legal risk, revenue loss, and embarrassment.

Key Highlights

·      NIST 800-53 Rev. Five

·      NIST and FedRAMP

·      Cybersecurity Requirements

·      Cybersecurity Regulations

·      Continuous Improvement of Standards

 Resources

 Travis Howerton on LinkedIn

RegScale

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Travis Howerton on Automating Security & Compliance

Automation in the compliance arena is becoming increasingly ubiquitous. Yet many of the most significant innovations for automation are not found in the anti-bribery/anti-corruption space but in adjacent spaces. That message was once again driven home to me when I had the chance to sit down with Travis Howerton, Co-Founder and Chief Technology Officer (CTO) at RegScale for a podcast interview (Howerton’s interview will post on the Innovation in Compliance Podcast in August.)

What I found most interesting and indeed the most insightful for the compliance professional is that the US government is increasingly turning to automation and AI to meet its security and compliance standards. With the transition of FedRAMP from guidance to law, companies are now required to use it and meet certain cybersecurity standards to do business with the US government. NIST 853 Revision Five addresses regulatory change around privacy with GDPR and other things and includes new control families and changes to existing ones.

As the government continues to revise its standards, the need for automation is becoming increasingly important. The National Institute of Standards and Technology (NIST), a standards body within the federal government, is working with the Open Security Controls Assessment language (OSCAL) team to develop standards. NIST has interacted closely with the OSCAL team, creating an open-source repo on GitHub and building communities of interest. Additionally, NIST works with other government agencies, tool providers, and industry to develop standards.

FedRAMP provides clarity of goal for vendors and customers but is expensive and time consuming to achieve. Cybersecurity is no longer a cost center, but a requirement to do business with the US government. The Department of Defense requires companies to meet certain cybersecurity standards to do business with them. Other agencies are taking similar stances in regard to cybersecurity. Companies are now required to have a compliance program to do business with them. Cybersecurity is now seen as one of the top risks to businesses, causing legal risk, revenue loss, and embarrassment.

The government is driving the need for robust cybersecurity down the supply chain. Cyberattacks can be used for a number of nefarious reasons, including theft of IP. The government is looking to make cybersecurity a requirement in law and contracts and can cancel contracts for cause if not met. Boeing now has the clout to require companies to have a NIST certified or attested cybersecurity program.

NIST 853 Revision Five is the latest version of the government’s standards for cloud services providers. It includes new control families and changes to existing ones. It is expensive to develop a Rev Four package and the government is likely to continue to revise the standards. Third party assessment organizations will have to train up on new families and redo a lot of work to meet the new standards. Cyber hiring metrics in the US show that there is not a surplus of people to meet the increased demand for Rev Five.