Kathryn Daily

Dear Dr. RMF

Dear Dr. RMF, In my office we are disputing the intent of RMF Control SA-4(9), i.e., whether it can be inherited or if it is intended to be system-specific. The control description states organization but the compelling evidence call for SSP. Furthermore, the AP procedures calls for contract / agreements to be inspected. …

Kathryn Daily In CMMC

CMMC Assessors Requirements Announced

By Kathryn Daily, CISSP, CAP, RDRP Despite the current pandemic, the CMMC AB (Cybersecurity Maturity Model Certification Accreditation Body) is moving right along. They have now announced the requirements to become a Certified Professional (CP), Certified Assessor (CA), Certified Third Party Assessment Organization (C3PAO), or Registered Practitioner. The C3PAO will…

Kathryn Daily In Risk Management Framework

RMF and the COVID-19 Pandemic

By Lon J. Berman, CISSSP, RDRP 2020 has been a turbulent year, to say the least. When it comes to operating and maintaining our information systems, a lot of the “usual routine” has been disrupted in the name of health and safety. In spite of all this turmoil, the need…

Kathryn Daily In CMMC, Uncategorized

CMMC Continues to Mature

By Kathryn Daily, CISSP, CAP, RDRP CMMC is still a hot conversation topic in the DoD world. The model as well as the process surrounding the model continue to develop and has largely stuck to the initial schedule set out by Katie Arrington at the onset of this project, no…

Kathryn Daily In BAI Announcements, Uncategorized

BAI Announces RMF Micro Edition Video Series

By Philip D. Schall, Ph.D., CISSP, RDRP BAI RMF Resource Center is pleased to announce the RMF Micro Edition Video Series created in collaboration with CompTIA. Below is a summary of the course content as described by BAI’s lead trainer, Linda Gross: “BAI, in partnership with CompTIA, recently produced a…

Kathryn Daily In RMF Training

Reflections on RMF Training from a BAI College Scholarship Recipient

By Grace Brammer, RDRP As an undergraduate computer science student, I often find it difficult to connect my work in academia to real-world cybersecurity implementation. While demand in the tech industry continues to grow, studying for a technical degree in college is both exciting and stressful. Unfortunately, the stress compounds…

Kathryn Daily In Dr. RMF, Uncategorized

Dear Dr. RMF

Dear Dr. RMF, I am doing an annual review for an information system I have. Originally, this was inherited from our network boundary, but in reviewing this again it speaks specifically to information systems, which from my under-standing this cannot be inherited. If I am reading this control correctly it…

Kathryn Daily In Dr. RMF, Uncategorized

Dear Dr. RMF

Dear Dr. RMF, I have an information system that is current-ly being assessed and authorized and the boundary consists of desktops, laptops, printers, a major OS, and about 10 to 15 applications, which is spread throughout an enterprise. In reviewing the DoDI 8510.01 and the definition of IT products it…

Kathryn Daily In Dr. RMF, Uncategorized

Dear Dr. RMF

Dear Dr. RMF, In my office we are disputing whether RMF Control SA-4 can be inherited, or if it needs to be system-specific. The control description includes the work "Organization", but the compelling evidence (per eMASS) calls for SSP. Furthermore, the Assessment Procedure calls for the contract/agreement to be inspected.…

Kathryn Daily In Risk Management Framework

NIST SP 800-53 Rev. 5—A Summary of What is to Come

In an effort to strengthen the trustworthiness and resilience of the information systems, component products and services that the federal government depends on in every critical infrastructure sector and which support the economic and national security interests of the United states, NIST has released an up-dated version of the NIST…

Dear Dr. RMF

CMMC Assessors Requirements Announced

RMF and the COVID-19 Pandemic

CMMC Continues to Mature

BAI Announces RMF Micro Edition Video Series

Reflections on RMF Training from a BAI College Scholarship Recipient

Dear Dr. RMF

Dear Dr. RMF

Dear Dr. RMF

NIST SP 800-53 Rev. 5—A Summary of What is to Come

Site Search

Recent Posts