By Kathryn Daily, CISSP, CAP (soon to be CGRC), RDRP What is GRC? GRC stands for Governance, Risk, and Compliance. GRC is a set of processes and procedures to help organizations achieve business objectives, address uncertainty, and act with integrity. In August of 2021 ISC2 updated the exam outline and…
By Kathryn Daily, CISSP, CAP, RDRP Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some HR data and pharma-cy records. The breach was caused by a vulnerability in the Accellion file-sharing system which the grocery chain immediately stopped using. As…
By Lon J. Berman, CISSP, RDRP More than ten years ago, RMF came into existence with the intention of becoming the “unified information security framework for the federal government”. With widespread adoption of RMF throughout most federal civil agencies, DoD components and intelligence community agencies, it is safe to say…
Why Free Online Training Isn’t Enough By Philip D. Schall, Ph.D., CISSP, RDRP At BAI RMF Resource Center, we often have conversations with our students on the topic of taking formal classroom RMF training. In the mod-ern digital landscape, we are able to learn about and complete projects we never…
Tony from OSD asks: Dr. RMF, I currently assess a boundary that includes all of our desktops, laptops, network printers, and some local printers. There are a number of devices (i.e. desktop/laptops) that don’t store Personally Identifiable Information (PII) per se, but will disseminate PII to our records management boundary…
By Lon J. Berman, CISSP, RDRP This month we will be celebrating our oldest grandson’s tenth birthday. It suddenly made me realize that with everything that’s been going on in 2020, it appears we missed another significant birthday this year – February marked the tenth birthday of the Risk Management…
By Amanda Jones On June 26, 2020, President Donald J. Trump issued the Executive Order on Modernizing and Reforming the Assessment and Hiring of Federal Job Candidates, in an effort to bring government agencies up to speed with newer hiring standards in the private sector. This comes in the wake…
by P. Devon Schall, PhD, CISSP, RDRP BAI recognizes that eMASS is a stumbling block for many new RMF practitioners. To mitigate these challenges, our instructional designers felt the creation of an eMASS sandbox environment where our students could practice working in eMASS without being scared to submit incorrect data…
By Lon J. Berman, CISSP, RDRP In a previous edition (January, 2020) of RMF Today … and Tomorrow, we presented an overview of the adoption of RMF and eMASS by the Defense Counterintelligence and Security Agency (DCSA) for use by cleared contractor companies operating within the National Industrial Security Program…
Dear Dr. RMF, I have a boundary for a web application. My SISO wants to move another web application into this approved boundary. The move is because both have similar operating characteristics, security and privacy requirements, and reside in the same environment of operation. As the SCA for the receiving…
