Kathryn Daily

Kathryn Daily In Risk Management Framework

Security Control Spotlight— Inheritance from a FedRAMP Approved CSP

Security Control Spotlight— Inheritance from a FedRAMP Approved CSP By Kathryn M. Daily, CISSP, RDRP In a previous issue, security control inheritance from an external system hosted at a departmental or agency data center was discussed. In this article, we are going to discuss inheritance from a FedRAMP Approved Cloud Service…

Kathryn Daily In Risk Management Framework

Registered DoD RMF Practitioner (RDRP)

Registered DoD RMF Practitioner (RDRP) By Lon J. Berman, CISSP, RDRP BAI Information Security is pleased to announce the upcoming launch of a new program called Registered DoD RMF Practitioner (RDRP) - a network of security professionals specializing in supporting RMF in DoD programs. The requirements to join RDRP are…

Kathryn Daily In Risk Management Framework

Cybersecurity Framework (CSF) as it relates to Risk Management Framework (RMF)

Cybersecurity Framework (CSF) as it relates to Risk Management Framework (RMF) By P. Devon Schall, CISSP, RDRP I recently attended the Cybersecurity Framework (CSF) Workshop from May 16-17 at NIST in Gaithersburg, Maryland. The workshop proved to be informative in relation to how government and industry are implementing the guidance issued…

Kathryn Daily In Risk Management Framework

Continuous Monitoring Today—And Tomorrow

Continuous Monitoring Today—And Tomorrow By Lon J. Berman, CISSP, RDRP Step 6 of the Risk Management Framework (RMF) is entitled “Monitor Security Controls”. Many security professionals would argue it is the most important step, since monitoring is what transforms RMF from yet another “point in time” evaluation to a true…

Kathryn Daily In Risk Management Framework

Top Ten—Things You Should Know about eMASS

Top Ten—Things You Should Know about eMASS By Lon J. Berman, CISSP The Enterprise Mission Assurance Support Service, or eMASS, is a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services for comprehensive, fully-integrated cybersecurity management, including controls scorecard measurement, dashboard reporting, and the generation of Risk…

Kathryn Daily In Uncategorized

NIST SP 800-53 Rev 5 – Big Changes Coming?

NIST SP 800-53 Rev 5 - Big Changes Coming? By Lon J. Berman, CISSP As you probably know, the “catalog” of security controls used in RMF is derived from NIST Special Publication (SP) 800-53 Rev 4. What you may not know is that NIST is hard at work on SP…

Kathryn Daily In Risk Management Framework

Security Control Spotlight— “Naming” of Controls, Enhancements and CCIs

Security Control Spotlight— “Naming” of Controls, Enhancements and CCIs By Kathryn M. Daily, CISSP After assisting numerous customers with their RMF efforts, we have seen several instances of confusion arise concerning the “naming” or “numbering” of Security Controls, Control Enhancements, and Control Correlation Identifiers (CCIs). We hope this short tutorial will…

Kathryn Daily In Risk Management Framework

BAI Announces eMASS Training Program

BAI Announces eMASS Training Program By P. Devon Schall, CISSP We are pleased to announce that eMASS training will now be available from BAI to complement our RMF for DoD IT training program. Course Content Our initial course offering, eMASS eSSENTIALS, is a one-day session in which we provide “how…

Kathryn Daily In Risk Management Framework

RMF and the Cloud

RMF and the Cloud P. Devon Schall Probably the most talked-about concept in information technology today is cloud computing, often simply called “The Cloud.” According to the National Institute of Standards and Technology (NIST), cloud computing is “a model for enabling ubiquitous, on-demand network access to a shared pool of…

Security Control Spotlight— Inheritance from a FedRAMP Approved CSP

Registered DoD RMF Practitioner (RDRP)

Cybersecurity Framework (CSF) as it relates to Risk Management Framework (RMF)

Continuous Monitoring Today—And Tomorrow

Top Ten—Things You Should Know about eMASS

NIST SP 800-53 Rev 5 – Big Changes Coming?

Security Control Spotlight— “Naming” of Controls, Enhancements and CCIs

BAI Announces eMASS Training Program

RMF and the Cloud

Site Search

Recent Posts