Ron Ross
{{Short description|American computer scientist, cybersecurity expert, and U.S. Army officer}}
{{Use mdy dates|date=June 2025}}
Ronald S. Ross is an American computer scientist, retired United States Army lieutenant colonel, and senior cybersecurity advisor best known for leading the development of federal information security standards at the National Institute of Standards and Technology (NIST). He was a principal author of widely used NIST frameworks, including SP 800-53, SP 800-37, and SP 800-160, and has received multiple national honors for his contributions to cybersecurity policy and systems security engineering.
{{Infobox military person
| name = Ron Ross
| image = Dr. Ronald S. Ross.png
| caption = Dr. Ron Ross
| birth_place = United States
| allegiance = United States
| branch = United States Army
| serviceyears = 20 years
| rank = Lieutenant Colonel (Retired)
| alma_mater = United States Military Academy (B.S.)
Naval Postgraduate School (M.S., Ph.D.)
Defense Systems Management College
| laterwork = Fellow and retired senior computer scientist at the National Institute of Standards and Technology (NIST)
}}
Early life and education
Ross graduated from the United States Military Academy at West Point and earned a master’s and doctorate in computer science from the Naval Postgraduate School, with a focus on artificial intelligence and robotics. He also completed studies at the Defense Systems Management College. {{cite web
|url=https://www.nist.gov/system/files/documents/itl/csd/biography-ross-09-17-2014.pdf
|title=Ron Ross Biography
|publisher=National Institute of Standards and Technology
|access-date=2025-06-09
|archive-url=https://web.archive.org/web/20240601000000/https://www.nist.gov/system/files/documents/itl/csd/biography-ross-09-17-2014.pdf
|archive-date=2024-06-01
|url-status=live
}}
Military service
Ross served 20 years in the United States Army, where he was commissioned as a Second Lieutenant and served as a Mechanized Infantry and Army Acquisition Corps officer. He completed Airborne training and held technical and leadership roles in secure computing, information assurance, and risk management, retiring with the rank of lieutenant colonel.{{cite web
|url=https://billingtoncybersecurity.com/advisory-board/
|title=Advisory Board – Billington CyberSecurity
|publisher=Billington CyberSecurity
|access-date=2025-06-02
|archive-url=https://web.archive.org/web/20240601000000/https://billingtoncybersecurity.com/advisory-board/
|archive-date=2024-06-01
|url-status=live
}}
Civilian career
After retiring from the military, Ross began his civilian service at the Institute for Defense Analyses before joining the National Institute of Standards and Technology (NIST) as a senior computer scientist. He was named a NIST Fellow, the agency’s highest honorary recognition, for his pioneering leadership in cybersecurity and systems security engineering.
Ross was a principal architect of key cybersecurity standards and frameworks used across the federal government and private sector. He served as lead author on foundational NIST publications, including:
- {{cite web |title=FIPS 199: Standards for Security Categorization of Federal Information and Information Systems |url=https://csrc.nist.gov/publications/detail/fips/199/final |publisher=National Institute of Standards and Technology (NIST) |date=February 2004 |access-date=June 19, 2025 }}
- {{cite web |title=FIPS 200: Minimum Security Requirements for Federal Information and Information Systems |url=https://csrc.nist.gov/publications/detail/fips/200/final |publisher=National Institute of Standards and Technology (NIST) |date=March 2006 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-30 Rev. 1: Guide for Conducting Risk Assessments |url=https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final |publisher=National Institute of Standards and Technology (NIST) |date=September 2012 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations |url=https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final |publisher=National Institute of Standards and Technology (NIST) |date=December 2018 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-39: Managing Information Security Risk |url=https://csrc.nist.gov/publications/detail/sp/800-39/final |publisher=National Institute of Standards and Technology (NIST) |date=March 2011 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations |url=https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final |publisher=National Institute of Standards and Technology (NIST) |date=December 2020 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-53A Rev. 5: Assessing Security and Privacy Controls in Information Systems and Organizations |url=https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final |publisher=National Institute of Standards and Technology (NIST) |date=January 2022 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-53B: Control Baselines for Information Systems and Organizations |url=https://csrc.nist.gov/publications/detail/sp/800-53b/final |publisher=National Institute of Standards and Technology (NIST) |date=December 2020 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-128: Guide for Security-Focused Configuration Management of Information Systems |url=https://csrc.nist.gov/publications/detail/sp/800-128/final |publisher=National Institute of Standards and Technology (NIST) |date=October 2011 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-160 Vol. 1 Rev. 1: Engineering Trustworthy Secure Systems |url=https://csrc.nist.gov/pubs/sp/800/160/v1/r1/final |publisher=National Institute of Standards and Technology (NIST) |date=November 2022 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-160 Vol. 2 Rev. 1: Developing Cyber Resilient Systems |url= https://csrc.nist.rip/external/nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1-draft.pdf |publisher=National Institute of Standards and Technology (NIST) |date=December 2021 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-171 Rev. 3: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |url=https://csrc.nist.gov/pubs/sp/800/171/r3/final |publisher=National Institute of Standards and Technology (NIST) |date=May 2024 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-171A Rev. 3: Assessing Security Requirements for Controlled Unclassified Information |url=https://csrc.nist.gov/pubs/sp/800/171/a/r3/final |publisher=National Institute of Standards and Technology (NIST) |date=May 2024 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-172: Enhanced Security Requirements for Protecting CUI |url=https://csrc.nist.gov/publications/detail/sp/800-172/final |publisher=National Institute of Standards and Technology (NIST) |date=February 2021 |access-date=June 19, 2025 }}
- {{cite web |title=SP 800-172A: Assessing Enhanced Security Requirements for Controlled Unclassified Information |url=https://csrc.nist.gov/publications/detail/sp/800-172a/final |publisher=National Institute of Standards and Technology (NIST) |date=March 2022 |access-date=June 19, 2025 }}
Ross was a founding member of the Joint Task Force Transformation Initiative, a collaboration among NIST, the Department of Defense, the Office of the Director of National Intelligence, and the Committee on National Security Systems to unify federal cybersecurity frameworks. He also directed the National Information Assurance Partnership (NIAP), a joint NIST and National Security Agency program focused on systems evaluation.
Ross received the Defense Superior Service Medal (awarded in a civilian capacity) for his contributions to national cybersecurity.{{cite web |title=Dr. Ronald S. Ross |url=https://eucyberact.org/speaker/dr-ronald-s-ross/ |website=EU Cyber Act |publisher=European Cybersecurity Organization |access-date=June 7, 2025 |archive-url=https://web.archive.org/web/20240601000000/https://eucyberact.org/speaker/dr-ronald-s-ross/ |archive-date=June 1, 2024 |url-status=live}}
In 2025, according to his LinkedIn profile, Ross was appointed a Fellow at Dartmouth College’s Institute for Security, Technology, and Society (ISTS), where he indicates he contributes to research and curriculum development in cybersecurity and systems engineering.{{cite web |title=Ron Ross – LinkedIn |url=https://www.linkedin.com/in/ronrossecure |website=LinkedIn |access-date=June 20, 2025}}
Congressional testimony and media
Ross has testified before Congress on several occasions regarding cybersecurity risk frameworks, supply chain security, and federal preparedness following major breaches, including the SolarWinds incident.{{cite web |url=https://science.house.gov/2021/3/federal-cybersecurity-post-solarwinds |title=Federal Cybersecurity Post-SolarWinds |publisher=House Committee on Science, Space, and Technology |date=March 2021}}
He has also appeared in national media discussing cybersecurity threats and federal response strategies. His insights have been featured in:
Selected publications
- Ross, Ron, et al. Security and Privacy Controls for Information Systems and Organizations. NIST Special Publication 800-53 Revision 5, September 2020. [https://doi.org/10.6028/NIST.SP.800-53r5 DOI: 10.6028/NIST.SP.800-53r5]
- Ross, Ron. Planning Minimum-Energy Paths in an Off-Road Environment with Anisotropic Traversal Costs and Motion Constraints. Ph.D. dissertation, Naval Postgraduate School, June 1989. [https://apps.dtic.mil/sti/pdfs/ADA214181.pdf PDF (DTIC)]
Presentations
{| class="wikitable" style="text-align:left; margin:1em auto;"
! Title !! Description !! Citation
|-
| Engineering Trustworthy Secure Systems
| Describes an experiment applying security design principles to a NASA satellite system.
| By Ron Ross and Dr. Kymie Tan, "Engineering Trustworthy Secure Systems" (September 2024), [https://csrc.nist.gov/csrc/media/Presentations/2024/protecting-cyber-physical-space-systems/SunRISE-v1.0-Updated9.25.24.pdf].
|-
| Next Generation Mission-Based Security for Systems Engineers
| Explains how to protect cyber-physical systems from adversarial and non-adversarial threats.
| By Ron Ross, "Next Generation Mission-Based Security for Systems Engineers" (September 2024), [https://csrc.nist.gov/csrc/media/Presentations/2024/protecting-cyber-physical-systems-and-technologies/images-media/Protecting%20Cyber-Physical%20Systems%20and%20Technologies.pdf].
|-
| Transitioning to Engineering-Based Cybersecurity
| Outlines why current cybersecurity approaches are insufficient for modern threats.
| By Ron Ross, "Transitioning to Engineering-Based Cybersecurity" (2022), [https://csrc.nist.gov/csrc/media/Presentations/2022/transitioning-to-engineering-based-cybersecurity/SP-800-160-V1R1.pdf].
|}
Lectures and academic engagements
Dr. Ron Ross has delivered invited lectures and participated in academic events at numerous universities and colleges across the United States. His speaking engagements have included prestigious institutions such as:
In these settings, Dr. Ross has shared insights on topics including cybersecurity risk management, federal information security policy, systems engineering, and emerging threats in national defense and critical infrastructure protection. His lectures frequently draw upon his leadership at the National Institute of Standards and Technology (NIST), where he helped develop the Risk Management Framework (RMF) and the NIST Cybersecurity Framework.
Civilian awards and honors
- National Cyber Security Hall of Fame, Class of 2015{{cite web
|url=https://cdn.govexec.com/media/ron_ross.pdf
|title=Ron Ross – Biography
|publisher=Government Executive
|format=PDF
|access-date=15 June 2025
|archive-url=https://web.archive.org/web/20250101000000/https://cdn.govexec.com/media/ron_ross.pdf
|archive-date=1 January 2025
|url-status=live
}}
- Federal 100 Award (multiple years){{cite web |url=https://www.nist.gov/awards/ron-ross-receives-federal-100-award |title=Ron Ross Receives Federal 100 Award |publisher=NIST |date=February 4, 2019 |access-date=June 2, 2025}}{{cite web |url=https://fcw.com/acquisition/2019/03/the-2019-federal-100/241015/ |title=The 2019 Federal 100 |publisher=FCW |date=March 2019 |access-date=June 2, 2025}}
- Department of Commerce Gold Medal for Distinguished Achievement{{cite web |url=https://www.nist.gov/news-events/news/2010/12/one-hundred-thirty-nine-employees-receive-department-commerce-gold-and |title=Commerce Gold and Silver Medals |publisher=NIST |date=December 2010 |access-date=June 2, 2025}}
- National Security Agency Scientific Achievement Award
- Presidential Rank Award for public service
- Information Systems Security Association Hall of Fame Inductee and Distinguished Service Award recipient
- (ISC)² Lynn F. McNulty Tribute Award (2013, inaugural recipient){{cite web |url=https://www.nist.gov/news-events/news/2013/11/nist-fellow-ron-ross-honored-inaugural-mcnulty-information-security |title=NIST Fellow Ron Ross Honored with Inaugural McNulty Information Security Award |publisher=NIST |date=November 21, 2013 |access-date=June 2, 2025}}
- 2021 Retired Gen. Michael V. Hayden Lifetime Leadership Award{{cite web |url=https://www.nist.gov/awards/ron-ross-receive-2021-retired-general-michael-v-hayden-lifetime-leadership-award |title=Ron Ross to Receive 2021 Hayden Lifetime Leadership Award |publisher=NIST |date=October 6, 2021 |access-date=June 2, 2025}}
- 1105 Media Gov30 Award
- ISACA Joseph J. Wasserman Award
- 2015 Homeland Security and Law Enforcement Medal{{cite web |title=Ron Ross |url=https://servicetoamericamedals.org/honorees/ron-ross/ |website=Service to America Medals |publisher=Partnership for Public Service |access-date=June 5, 2025}}
- 2019 Pioneer Award, Institute for Critical Infrastructure Technology (ICIT), for contributions to cybersecurity and public sector innovation{{cite web |title=ICIT Honors Dr. Ron Ross (NIST) and Suzette Kent (OMB) at 2019 ICIT Gala & Benefit |url=https://www.globenewswire.com/news-release/2019/11/27/1953464/0/en/ICIT-Honors-Dr-Ron-Ross-NIST-and-Suzette-Kent-OMB-at-2019-ICIT-Gala-Benefit.html |website=GlobeNewswire |publisher=Institute for Critical Infrastructure Technology |date=November 27, 2019 |access-date=June 7, 2025}}
Service and recognition
=Awards and decorations=
{| class="wikitable" style="text-align:center; margin:1em auto;"
! Award
|-
| Defense Superior Service Medal (awarded in civilian capacity)
|-
| Meritorious Service Medal
|}
=Badges=
Retirement and legacy
Ross formally retired from full-time government service in 2025. During his tenure, he contributed to the development of federal cybersecurity frameworks, including the Risk Management Framework (RMF), and was a principal author of NIST Special Publications such as SP 800-37, SP 800-53, and SP 800-160. These publications are widely used by U.S. federal agencies and other organizations for information security management.{{cite web
|url=https://cdn.meritalk.com/articles/tech-stalwart-ron-ross-leaving-nist/
|title=Tech Stalwart Ron Ross Leaving NIST
|publisher=Meritalk
|date=February 20, 2025
|access-date=2025-06-03
|archive-url=https://web.archive.org/web/20240601000000/https://cdn.meritalk.com/articles/tech-stalwart-ron-ross-leaving-nist/
|archive-date=2024-06-01
|url-status=live
}}
After retiring, Ross established RONROSSECURE, LLC, a private consulting firm focused on cybersecurity policy, secure systems development, and risk management.{{cite web
|url=https://ronrossecure.com/home
|title=Ron Ross Secure
|website=Ron Ross Secure
|access-date=2025-06-09
|archive-url=https://web.archive.org/web/20240601000000/https://ronrossecure.com/home
|archive-date=2024-06-01
|url-status=live
}}
See also
References
{{Authority control}}
{{DEFAULTSORT:Ross, Ronald S.}}
Category:American computer scientists
Category:United States Army officers
Category:Naval Postgraduate School alumni
Category:United States Military Academy alumni