By Lon J. Berman, CISSP, RDRP
DoD and Federal agencies and their supporting contractors are struggling to adapt to the “new reality” of travel restrictions, mandatory telework and social distancing. While we don’t know how long these conditions will last, we do know that all organizations must continue to perform…
By Lon J. Berman, CISSP, RDRP
Organizations performing classified work for DoD (a.k.a. Cleared Contractor Facilities) are governed by the National Industrial Security Program (NISP). NISP is administered by the Defense Counterintelligence and Security Agency (DCSA), formerly known as the Defense Security Service (DSS). In general, companies covered by NISP…
By Kathryn Daily, CISSP, CAP, RDRP
So by now, I’m sure you’ve seen a ton of articles on the Cybersecurity Maturity Model Certification (CMMC) initiative. A lot of information has been released but there are still a lot of unknowns.
What We Know
We know that it’s mandatory for all…
By Philip D. Schall, Ph.D., CISSP, RDRP
What is Project Sentinel?
The United States Army recently announced that it is launching a new initiative called Project Sentinel. Project Sentinel is described as an adaptation of the traditional RMF process with goals of streamlining RMF into a threat-informed risk decision…
By Lon J. Berman, CISSP, RDRP
The Enterprise Mission Assurance Support Service (eMASS) is a DoD system that serves as an information repository and workflow manager for the Risk Management Framework (RMF) process. The history of eMASS can be traced back to a project called Digital DITSCAP at the Defense…
By Kathryn Daily, CISSP, CAP, RDRP
That’s an eye-catching headline, right? Unfortunately, it’s not actually a thing, at least not yet, but will be in the future, if I get my way. Currently, all federal information systems are required to go through an Assessment and Authorization (A&A) process to be…
By Marilyn Fritz, CISSP
Cybersecurity is notoriously challenging, with every new day bringing more media stories about losses from endless breaches. Beleaguered cybersecurity professionals are left coping with the onslaught and, more often than not, pleading for resources. Leaders in both private and public sectors all around the globe are…
By Kathryn Daily, CISSP, CAP, RDRP
Back in September 2018, NIST announced their plans to develop a data privacy framework based off of their cybersecurity framework that has been extremely successful in both government and the private sector. NIST has worked with industry through webinars and workshops and incorporated both public…
By P. Devon Schall, PhD, CISSP, RDRP
Over the past 12 months, I have attended a handful of DoD cybersecurity conferences with the goal of convincing the DoD community that RMF training is a key solution in combatting the perceived RMF crisis. These conferences include the Air Force Information Technology…
By Lon J. Berman, CISSP, RDRP
CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system…