ISO 27001, CMMC, NIST 800-53…   Keeping track of the myriad security guidelines can be tricky.   Especially when you don’t know the “why” behind them.    To help clear things up, in this episode, I speak with the preeminent expert on NIST guidelines, Dr. Ron Ross, Fellow at National Institute of Standards and Technology, and learn not just what the guidelines are — but how and why they came to be that way.    Ron and I discuss:   - The “Why” behind NIST guidance   - How certification standards like ISO 27001 relate to NIST 800-53 and map to each other   - How NIST balances policy and technical-level considerations   To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.   If you don’t use Apple Podcasts, you can find all our episodes here.