ICIT On-Demand - Interactive Security Testing, DevSecOps, and NIST SP 800-53 Rev. 5
Updated: Feb 12
Dr. Ron Ross, Fellow, NIST & 2019 ICIT Pioneer
Tim Anderson, ICIT Contributor & Sr. Security Advisor, AWS
Jeff Hsiao, ICIT Contributor & Security Solutions Engineer, Checkmarx
Parham Eftekhari, Board Chair, ICIT & Executive Director, The Cybersecurity Collaborative
Joyce Hunter, Executive Director, ICIT & Former Deputy CIO for Policy and Planning, USDA
The need for increasing levels of software security is becoming even more apparent as organizations migrate applications to the Cloud and adopt DevSecOps as part of their software development and operational processes. During this panel discussion, panelists, including Dr. Ross from NIST, discussed the latest security guidance under NIST SP 800-53 Rev. 5 and the role security plays as organizations migrate applications to the Cloud and embrace DevSecOps. Experts explored the new security controls outlined in NIST SP 800-53 Rev. 5, such as “interactive security testing,” a testing process that detects a wide variety of vulnerabilities by observing actual running applications. The panel also discussed the role that real-time testing and traditional static/dynamic testing play in the new world of DevSecOps. Finally, this session concluded with a discussion of some of the best practices employed by organizations and other agencies as they migrate their applications to the Cloud, and the important role security plays during this transition.
Attendees earned 1 CPE for attending this educational briefing.