Ask Dr. RMF

Dear Dr. RMF, RMF IA-4 Identification Management control is not easy.  It has so many rabbit holes.  I am not sure how to tackle this control.  Could you please simplify this control for me.  Let’s say for IA-4 Identifier Management, the information system is a web application/web server.  For the…

Continue Reading

Post Categories: Dr. RMFRisk Management Framework Tags:

Ask Dr. RMF

Dear Dr. RMF, I can tell you I am definitely new to eMass. However, I have registered several packages and brought over artifacts. I have blindly (using the job aid) assigned controls, exported the spreadsheet and reimported. Haven’t been able to produce the RAR or POAM.  With that being said,…

Continue Reading

Post Categories: Dr. RMFemass Tags:

The NIST Cybersecurity Framework

By Marilyn Fritz, CISSP Cybersecurity is notoriously challenging, with every new day bringing more media stories about losses from endless breaches.  Beleaguered cybersecurity professionals are left coping with the onslaught and, more often than not, pleading for resources. Leaders in both private and public sectors all around the globe are…

Continue Reading

Post Categories: Cybersecurity Framework Tags:

NIST Privacy Framework: An Update

By Kathryn Daily, CISSP, CAP, RDRP Back in September 2018, NIST announced their plans to develop a data privacy framework based off of their cybersecurity framework that has been extremely successful in both government and the private sector.  NIST has worked with industry through webinars and workshops and incorporated both public…

Continue Reading

Post Categories: NIST Privacy Framework Tags:

Ask Dr. RMF

Dear Dr. RMF, First of all, just stumbled across this blog few days ago….awesome! There is piles of documentation but not enough community sourced help for the RMF process. I tried starting an RMF sub-reddit but it never took off! I have so many questions! But one in particular that…

Continue Reading

Post Categories: Dr. RMFRisk Management Framework Tags:

Ask Dr. RMF

Dear Dr. RMF, Government IT Security staff work with systems owners to make sure that all systems in the agency have implemented the proper Risk Management Framework (RMF) controls. Organizations have deployed technologies like eMASS, XACTA, and RSA to manage the workflow and documentation for the RMF for their systems….

Continue Reading

Post Categories: Dr. RMFFEDRampRisk Management Framework Tags: