By Lon J. Berman, CISSP, RDRP More than ten years ago, RMF came into existence with the intention of becoming the “unified information security framework for the federal government”. With widespread adoption of RMF throughout most federal civil agencies, DoD components and intelligence community agencies, it is safe to say…
Why Free Online Training Isn't Enough By Philip D. Schall, Ph.D., CISSP, RDRP At BAI RMF Resource Center, we often have conversations with our students on the topic of taking formal classroom RMF training. In the modern digital landscape, we are able to learn about and complete projects we never…
By Lon J. Berman, CISSP, RDRP If you have attended a BAI training class you should have received a “special gift” from BAI – a bottle of “RMF Hot Sauce”. Naturally we hope you and your family or friends enjoyed our little spicy treat. Over the years, lots of people…
By P. Devon Schall, Ph.D., CISSP Tired of Microsoft Teams and Zoom meetings yet? As a trained instructional designer, online college professor, residential (in-person) college professor, and Director of Training at BAI RMF Resource Center, I am opinionated and passionate about pedagogy and training delivery methods. 2020 has been full…
By Kathryn Daily, CISSP, CAP, RDRP Back in September of last year (2020), NIST finally published the final version of Special Publication 800-53 Revision 5. Most notably, this revision incorporated privacy considerations in the security controls themselves rather than having separate control families for the privacy controls (e.g., AR, AP,…
By Marilyn Fritz, CISSP, CISA, ITIL, PMP The new DFARS Interim Rule that went into effect November 30, 2020 is a game changer for any entities that have or are pursuing Defense Industrial Base (DIB) contracts or subcontracts. Prior to the new Interim Rule, contractors and sub-contractors could self-attest that…
By Lon J. Berman, CISSP, RDRP Q. The Risk Management Framework (RMF) life cycle is comprised of how many steps? A. Oh, that’s easy, it’s six. Well … not so fast. As you probably know, the Risk Management Framework (RMF) has always been described as a six step process, to…
By Kathryn Daily, CISSP, CAP, RDRP On Saturday, September 12th, the CMMC Accreditation Body (AB) posted a page to their website that advertised for a “Partnership Program” where contracting companies could pay up to $500,000 for a CMMC AB stamp of approval. The proposed program consists of five levels ranging…
By Ernest Smith, CISSP, PMP Requirement (simplified): Do you have contracts and/or service level agreements with the owners of any system outside of your authorization boundary that are processing, storing, and transmitting your information? Breakdown: What is an “external information system”? Employee personally owned devices (I said it!) Systems…
Daphne in Kansas City asks: Dr. RMF, we are bidding on a multi-year contract to provide services to a DoD agency. The process is down to the final stage and we are looking good to win the work. Assuming we are awarded the work, the government will be requiring us…