NIST 800-171 rev. 1 (Paperback) | Released: 21 Mar 2019

Written by the former Chief Information Security Officer for the Department of Education (CISO) responsible for closing over 95% of ED's security findings by the Congress.This book is for the cybersecurity specialist or professional needing to understand and implement the 110 NIST SP 800-171 security controls. It is not just about the protection of Controlled Unclassified Information (CUI) because your institution is receiving federal funds. It's about protecting the nation's Intellectual Property (IP)...and you are the first line of defense.This book is written as a step-by-step approach to the 110 security controls. Not all controls need to address immediately, but must be documented, monitored, and managed during the life of the system and data housed within university data centers. Additionally, included are the additional "sub-controls" that were released in June 2018. While this has added to the number of total controls, if the cybersecurity professional or specialist has completely implemented the base control, many of these added controls can be easily answered and addressed to government contract oversight officials.There is still much more work that needs to be done in the area of cybersecurity. We are constantly reminded of ongoing intrusions to both public and private sector websites. What we do here, unlike so many books and articles, is that we describe the "how" to do and fix the specific control. While the challenges are many and ever-changing, the objective of this book is to provide you an initial start-point with many directions to good and complete resources to protect not just CUI data, but the overall IP of your college, university, or research facility.The author is the former CISO at the Department of Education where 2016 he led the effort to close over 95% of the outstanding US Congressional and Inspector General cybersecurity shortfall weaknesses spanning as far back as five years.Mr. Russo is the former Senior Cybersecurity Engineer supporting the Joint Medical Logistics Development Functional Center of the Defense Health Agency (DHA) at Fort Detrick, MD. He led a team of engineering and cybersecurity professionals protecting five major Medical Logistics systems supporting over 200 DOD Medical Treatment Facilities around the globe. In 2011, Mr. Russo was certified by the Office of Personnel Management as a graduate of the Senior Executive Service Candidate program. From 2009 through 2011, Mr. Russo was the Chief Technology Officer at the Small Business Administration (SBA). He led a team of over 100 IT professionals in supporting an intercontinental Enterprise IT infrastructure and security operations spanning 12-time zones; he deployed cutting-edge technologies to enhance SBA's business and information sharing operations supporting the small business community. Mr. Russo was the first-ever Program Executive Officer (PEO)/Senior Program Manager in the Office of Intelligence & Analysis at Headquarters, Department of Homeland Security (DHS), Washington, DC. Mr. Russo was responsible for the development and deployment of secure Information and Intelligence support systems for OI&A to include software applications and systems to enhance the DHS mission. He was responsible for the program management development lifecycle during his tenure at DHS. He holds a Master of Science from the National Defense University in Government Information Leadership with a concentration in Cybersecurity and a Bachelor of Arts in Political Science with a minor in Russian Studies from Lehigh University. He holds Level III Defense Acquisition certification in Program Management, Information Technology, and Systems Engineering. He has been a member of the DOD Acquisition Corps since 2001.