Ron Ross

Ron Ross is an American computer scientist and cybersecurity specialist who played a central role in the development of federal cybersecurity standards at the National Institute of Standards and Technology (NIST). A retired United States Army lieutenant colonel, Ross was a principal author of numerous NIST Special Publications, including SP 800-53 and SP 800-37, which address information security and risk management frameworks. ^{[1] [2]}

Ron Ross
Dr. Ron Ross
Born	United States
Allegiance	United States
Service / branch	United States Army
Years of service	20 years
Rank	Lieutenant Colonel (Retired)
Alma mater	United States Military Academy (B.S.) Naval Postgraduate School (M.S., Ph.D.) Defense Systems Management College
Other work	Fellow and retired senior computer scientist at the National Institute of Standards and Technology (NIST)

Ross graduated from the United States Military Academy at West Point and earned a master’s and doctorate in computer science from the Naval Postgraduate School, with a focus on artificial intelligence and robotics. He also completed studies at the Defense Systems Management College. ^[2][1]

Ross served 20 years in the United States Army, where he was commissioned as a Second Lieutenant and served as a Mechanized Infantry and Army Acquisition Corps officer. He completed Airborne training and held technical and leadership roles in secure computing, information assurance, and risk management, retiring with the rank of lieutenant colonel.^[3]

After retiring from the military, Ross began his civilian service at the Institute for Defense Analyses before joining the National Institute of Standards and Technology (NIST) as a senior computer scientist. He was named a NIST Fellow, the agency’s highest honorary recognition, for his pioneering leadership in cybersecurity and systems security engineering.^[2]

Ross was a principal architect of key cybersecurity standards and frameworks used across the federal government and private sector. He served as lead author on foundational NIST publications, including:

• FIPS 199 – Standards for Security Categorization of Federal Information and Information Systems (Feb 2004)
• FIPS 200 – Minimum Security Requirements for Federal Information and Information Systems (Mar 2006)
• NIST SP 800-30 – Guide for Conducting Risk Assessments (Sep 2012)
• NIST SP 800-37 – Risk Management Framework for Information Systems and Organizations (Dec 2018)
• NIST SP 800-39 – Managing Information Security Risk (Mar 2011)
• NIST SP 800-53 – Security and Privacy Controls for Information Systems and Organizations (Dec 2020)
• NIST SP 800-53A – Assessing Security and Privacy Controls in Information Systems and Organizations (Jan 2022)
• NIST SP 800-53B – Control Baselines for Information Systems and Organizations (Dec 2020)
• NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems (Oct 2019)
• NIST SP 800-160 Vol. 1 – Engineering Trustworthy Secure Systems (Nov 2022)
• NIST SP 800-160 Vol. 2 – Developing Cyber Resilient Systems (Dec 2021)
• NIST SP 800-171 – Protecting Controlled Unclassified Information (May 2024)
• NIST SP 800-171A – Assessing Security Requirements for CUI (May 2024)
• NIST SP 800-172 – Enhanced Security Requirements for CUI (Feb 2021)
• NIST SP 800-172A – Assessing Enhanced Security Requirements for CUI (Mar 2022)

Ross was a founding member of the Joint Task Force Transformation Initiative, a collaboration among NIST, the Department of Defense, the Office of the Director of National Intelligence, and the Committee on National Security Systems to unify federal cybersecurity frameworks. He also directed the National Information Assurance Partnership (NIAP), a joint NIST and National Security Agency program focused on systems evaluation.

Ross received the Defense Superior Service Medal (awarded in a civilian capacity) for his contributions to national cybersecurity.^[1]

In 2025, Ross was appointed a Fellow at Dartmouth College’s Institute for Security, Technology, and Society (ISTS), where he contributes to research and curriculum development in cybersecurity and systems engineering.^[4]

Ross has testified before Congress on several occasions regarding cybersecurity risk frameworks, supply chain security, and federal preparedness following major breaches, including the SolarWinds incident.^[5]

He has also appeared in national media discussing cybersecurity threats and federal response strategies. His insights have been featured in:

• Ross, Ron, et al. Security and Privacy Controls for Information Systems and Organizations. NIST Special Publication 800-53 Revision 5, September 2020. DOI: 10.6028/NIST.SP.800-53r5

• Ross, Ron Planning Minimum-Energy Paths in an Off-Road Environment with Anisotropic Traversal Costs and Motion Constraints. Ph.D. dissertation, Naval Postgraduate School, June 1989. PDF (DTIC)

Dr. Ron Ross has delivered invited lectures and participated in academic events at numerous universities and colleges across the United States. His speaking engagements have included prestigious institutions such as:

• Stanford University^[1]
• MIT^[1]
• Dartmouth College^[1]
• Naval Postgraduate School^[1]
• George Washington University^[1]

In these settings, Dr. Ross has shared insights on topics including cybersecurity risk management, federal information security policy, systems engineering, and emerging threats in national defense and critical infrastructure protection. His lectures frequently draw upon his leadership at the National Institute of Standards and Technology (NIST), where he helped develop the Risk Management Framework (RMF) and the NIST Cybersecurity Framework.

• National Cyber Security Hall of Fame, Class of 2015^[16]
• Federal 100 Award (multiple years)^[17][18]
• Department of Commerce Gold Medal for Distinguished Achievement^[19]
• National Security Agency Scientific Achievement Award^[1]
• Presidential Rank Award for public service^[1]
• Information Systems Security Association Hall of Fame Inductee and Distinguished Service Award recipient^[1]
• (ISC)² Lynn F. McNulty Tribute Award (2013, inaugural recipient)^[20]
• 2021 Retired Gen. Michael V. Hayden Lifetime Leadership Award^[21]
• 1105 Media Gov30 Award^[2]
• ISACA Joseph J. Wasserman Award^[3]
• 2015 Homeland Security and Law Enforcement Medal^[22]
• 2019 Pioneer Award, Institute for Critical Infrastructure Technology (ICIT), for contributions to cybersecurity and public sector innovation^[23]

Lt. Col., U.S. Army (Ret.)

	Award
	Defense Superior Service Medal (awarded in civilian capacity)
	Meritorious Service Medal

Parachutist Badge

Ross formally retired from full-time government service in 2025. During his tenure, he contributed to the development of foundational cybersecurity frameworks, including the Risk Management Framework (RMF), and authored key NIST Special Publications such as SP 800-37, SP 800-53, and SP 800-160. These resources continue to guide cybersecurity practices across federal agencies and the private sector. ^[24]

Following his retirement, Ross founded his own cybersecurity consulting firm, RONROSSECURE, LLC, which offers advisory services on secure system development, cyber resiliency, and risk management strategies. ^[25]

• National Institute of Standards and Technology
• NIST Special Publication 800-53
• NIST Special Publication 800-171
• Federal Information Security Modernization Act of 2014
• Risk Management Framework
• Cybersecurity and Infrastructure Security Agency
• Information assurance
• United States Army

• Official website – RONROSSECURE, LLC
• Ron Ross on LinkedIn