By Amanda Lowell, Security+ CE, RDRP
My friends and I joke that being in the field of cybersecurity is equivalent to searching for unicorns–achieving cybersecurity is a myth… Let me explain. The “cybersecurity” buzzword, as it is thrown around by executives today, is a myth. The concept of…
This blog excerpt is taken from our July 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter.
By Kathryn Daily, CISSP, CGRC (Formerly CAP), RDRP
NIST SP 800-53 (National Institute of Standards and Technology Special Publication 800-53) provides a set of security and privacy controls for information systems…
This blog excerpt is taken from our April 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter.
By Kathryn Daily, CISSP, CGRC (Formerly CAP), RDRP
As some may have heard, SCAP Compliance Checker (SCC) has lost funding from DISA as of the end of FY22 and as a…
By Kathryn Daily, CISSP, CAP (soon to be CGRC), RDRP
What is GRC? GRC stands for Governance, Risk, and Compliance. GRC is a set of processes and procedures to help organizations achieve business objectives, address uncertainty, and act with integrity. In August of 2021 ISC2 updated the exam outline and…
By Grace Brammer, RDRP
The very first time I heard about a so-called ‘RMF process,’ I was in my freshman year of college. To anyone familiar with the industry, it may come as a shock to hear that my initial exposure to RMF left me with a mixture of emotions—mostly…
By Kathryn Daily, CISSP, CAP, RDRP
Artificial intelligence (AI) is the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages. One example of AI is the use of virtual filters on our face…
By Kathryn Daily, CISSP, CAP, RDRP
Back in February, NIST issued a public Request for Information (RFI) to identify how the Cyber Security Framework was being used and also for recommendations on improving the effectiveness of the Framework and its alignment with other cyber security resources. “Every Organization needs to…
By Kathryn Daily, CISSP, CAP, RDRP
On February 7, 2022, the Office of the Director of National Intelligence (ODNI) released the Annual Threat Assessment of the U.S. Intelligence Community. In its assessment of Russia and its cyber capabilities, ODNI assessed that Russia will remain a top cyber threat as it…
By Lon J. Berman, CISSP, RDRP
Welcome to 2022! It’s now been well over a year since the release of NIST SP 800-53 Rev 5, yet Rev 4 remains the DoD standard. When DoD first adopted RMF … back in 2014! … they expressed their commitment to “keeping up” with the…
By Kathryn Daily, CISSP, CAP, RDRP
On December 8, 2021, the FedRAMP program turned 10 years old! Created in 2011, the goal for FedRAMP was to produce a cost-effective, repeatable solution for securing cloud services and cloud service providers. I think we can safely say, mission accomplished. The CGI IAAS…