Skip to main content
All Posts By

Kathryn Daily

The RMF Hot Sauce Story

By Lon J. Berman, CISSP, RDRP If you have attended a BAI training class you should have received a “special gift” from BAI – a bottle of “RMF Hot Sauce”. Naturally we hope you and your family or friends enjoyed our little spicy treat. Over the years, lots of people…

Read More

Ready for In-Person Classroom RMF Training?

By P. Devon Schall, Ph.D., CISSP Tired of Microsoft Teams and Zoom meetings yet? As a trained instructional designer, online college professor, residential (in-person) college professor, and Director of Training at BAI RMF Resource Center, I am opinionated and passionate about pedagogy and training delivery methods. 2020 has been full…

Read More

NIST Rev. 5 Supplemental Materials

By Kathryn Daily, CISSP, CAP, RDRP Back in September of last year (2020), NIST finally published the final version of Special Publication 800-53 Revision 5. Most notably, this revision incorporated privacy considerations in the security controls themselves rather than having separate control families for the privacy controls (e.g., AR, AP,…

Read More

DFARS Compliance with CMMC/NIST SP 800-171

By Marilyn Fritz, CISSP, CISA, ITIL, PMP The new DFARS Interim Rule that went into effect November 30, 2020 is a game changer for any entities that have or are pursuing Defense Industrial Base (DIB) contracts or subcontracts. Prior to the new Interim Rule, contractors and sub-contractors could self-attest that…

Read More

Welcome, Step 0

By Lon J. Berman, CISSP, RDRP Q. The Risk Management Framework (RMF) life cycle is comprised of how many steps? A. Oh, that’s easy, it’s six. Well … not so fast. As you probably know, the Risk Management Framework (RMF) has always been described as a six step process, to…

Read More

CMMC AB Proposes “Pay to Play” Program

By Kathryn Daily, CISSP, CAP, RDRP On Saturday, September 12th, the CMMC Accreditation Body (AB) posted a page to their website that advertised for a “Partnership Program” where contracting companies could pay up to $500,000 for a CMMC AB stamp of approval. The proposed program consists of five levels ranging…

Read More

Dear Dr. RMF

Daphne in Kansas City asks: Dr. RMF, we are bidding on a multi-year contract to provide services to a DoD agency. The process is down to the final stage and we are looking good to win the work. Assuming we are awarded the work, the government will be requiring us…

Read More

Dear Dr. RMF

Sean from US Navy asks: Dr. RMF, we are working on an acquisition for several new medical imaging devices in our hospital. Each of these new devices contains an embedded computer running the Linux operating system. A connection to the hospital’s data network is used to send imaging data to…

Read More

New Training Opportunity!

Security Controls Implementation Workshop By P. Devon Schall, PhD, CISSP, RDRP If you ask an RMF practitioner what the most challenging part of the RMF process is you’re likely to hear them reference responding to security controls! With thousands of assessment procedures, even those with a strong understanding of RMF…

Read More