By Kathryn Daily, CISSP, CAP, RDRP
NIST has officially released NIST 800-37 Rev 2 and dubbed it “RMF 2.0.” The framework has been updated so that both cybersecurity and privacy are key to an authorization decision. “RMF 2.0 gives federal agencies a very powerful tool to manage both…

By Alice Steger, Director of Sales & Marketing
Training Overview
Security Controls Assessment Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls…

By P. Devon Schall, M.S., MA.Ed. CISSP, RDRP
Over the past few months, I have heard rumblings of something called “RMF 30-Day Sprint”. It came up initially during an RMF for DoD IT training I taught in Virginia Beach, and it was pitched as a new program to grant…

By Kathryn Daily, CISSP, CAP, RDRP
NIST has announced the development of a Privacy Framework. The framework is needed to ensure the ability to design, operate, or use technologies in ways that are observant of various privacy needs in a progressively connected and complicated environment. It is expected to help…

By Lon J. Berman CISSP, RDRP
Thanks to the work of the Joint Task Force, RMF is now the official information security life cycle process across all three “segments” of the Executive Branch, i.e., DoD, federal civil agencies, and the intelligence community. It’s now been 4 ½ years since DoD…

By P. Devon Schall, CISSP, RDRP
With the addition of Step 0 to the RMF life cycle (a preparation step that BAI has been preaching for years which is now being implemented in SP 800-37 Rev. 2), we decided to make this month’s top ten list based on preparation. Preparation…

By Kathryn Daily, CISSP, RDRP
If you heard a whooshing sound on New Year’s Eve, that was probably the deadline for compliance with NIST 171 flying by. A lot of you might be asking “What is NIST 171?” NIST 171 is a set of requirements documented in the NIST Special…

By Lon J. Berman, CISSP, RDRP
BAI has recently expanded its training program to include training for the Certified Information Systems Security Professional (CISSP) credential. Beginning in February 2018, we are offering an intensive five-day course designed to prepare students for the CISSP certification exam. CISSP is an internationally recognized…

By P. Devon Schall, MS, MAEd, CISSP, RDRP
We are excited to announce the addition of RMF supplemental training courses to our training catalog. After extensive discussion regarding our 2018 curriculum, we felt we would benefit students the most by offering “bite-sized” courses to supplement our core four-day RMF for…

Security Control Spotlight — Inheritance from a FedRAMP Approved CSP
By Kathryn M. Daily, CISSP, RDRP
In a previous issue, security control inheritance from an external system hosted at a departmental or agency data center was discussed. In this article, we are going to discuss inheritance from a FedRAMP Approved Cloud Service…