RMF and eMASS in the National Industrial Security Program (NISP)

By Lon J. Berman, CISSP, RDRP

Organizations performing classified work for DoD (a.k.a. Cleared Contractor Facilities) are governed by the National Industrial Security Program (NISP). NISP is administered by the Defense Counterintelligence and Security Agency (DCSA), formerly known as the Defense Security Service (DSS). In general, companies covered by NISP…


Post Categories: NISP, Risk Management Framework

Ask Dr. RMF

Dear Dr. RMF, We are having a dispute in our office about how to handle security control selection for a “non-National Security System” (non-NSS). We know DoD has mandated that System Categorization and Security Control Selection shall be done “in accordance with CNSSI 1253”. However, the CNSSI 1253 security control…


Post Categories: Dr. RMF

CMMC – What We Know and What We Don’t

By Kathryn Daily, CISSP, CAP, RDRP

So by now, I’m sure you’ve seen a ton of articles on the Cybersecurity Maturity Model Certification (CMMC) initiative. A lot of information has been released, but there are still a lot of unknowns.

What We Know

We know that it’s mandatory for all…


Post Categories: CMMC

Ask Dr. RMF

Dear Dr. RMF, RMF IA-4 Identification Management control is not easy. It has so many rabbit holes. I am not sure how to tackle this control. Could you please simplify this control for me? Let’s say for IA-4 Identifier Management, the information system is a web application/web server. For the…


Post Categories: Dr. RMF, Risk Management Framework

Ask Dr. RMF

Dear Dr. RMF, I can tell you I am definitely new to eMASS. However, I have registered several packages and brought over artifacts. I have blindly (using the job aid) assigned controls, exported the spreadsheet and reimported. Haven’t been able to produce the RAR or POAM. With that being said,…


Post Categories: Dr. RMF, emass

The NIST Cybersecurity Framework

By Marilyn Fritz, CISSP

Cybersecurity is notoriously challenging, with every new day bringing more media stories about losses from endless breaches. Beleaguered cybersecurity professionals are left coping with the onslaught and, more often than not, pleading for resources. Leaders in both private and public sectors all around the globe are…


Post Categories: Cybersecurity Framework