This blog excerpt is taken from our July 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter. By Philip D. Schall, Ph.D., CISSP, RDRP As a college professor and Director of Training at BAI RMF Resource Center, I often am approached by students of all ages asking how they…
This blog excerpt is taken from our April 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter. By: Devon Schall, Ph.D., CISSP On March 30th, I had the opportunity to attend the primary conference day for Information Systems Security Association (ISSA) Colorado Springs Cyber Focus Week hosted at…
By Philip D. Schall, Ph.D., CISSP, RDRP For those who missed my last article titled The Authorizing Official (AO) Problem & The Army Risk Management Council (ARMC), I will provide a quick summary to bring readers up to speed. It has always been my perception that a big part of…
By Philip D. Schall, Ph.D., CISSP, RDRP About four or five years ago, I had a meeting with an Army organization on the topic of providing RMF training targeted specifically at Authorizing Officials (AOs). My memory is a bit hazy, but as I recall, after two or three meetings we…
By Philip D. Schall, Ph.D., CISSP, RDRP First off, I would like to congratulate Director of Cybersecurity and Information Assurance at Army CIO/G-6, Nancy Kreidler on her recent retirement! As a self-proclaimed RMF nerd, I found one of her recent posts on LinkedIn humorous with the following lines “Step 1…
By Philip D. Schall, Ph.D., CISSP, RDRP As spring arrives, I thought it would be beneficial to share the rumblings and conversations I heard/had at AFCEA West 2022 and Rocky Mountain Cyberspace Symposium 2022 regarding my favorite topic, Risk Management Framework (RMF). Before I dive into my RMF conference debrief,…
“By far one of the best courses I have taken in a long time. I just finished up a 10-week graduate course on RMF, and I learned more in this 4-day class from Linda than I did the entire 10 weeks, best money I have ever spent!!” – BAI RMF…
By P. Devon Schall, CISSP, RDRP During a recent RMF literature search, I came across an interesting article titled “RMF Applied to Modern Vehicles”. The article was published by Charlie McCarthy and Kevin Harnett in 2014 and sponsored by the National Highway Traffic Safety Administration (NHTSA). The overall goal of…
By P. Devon Schall, M.S., MA.Ed. CISSP, RDRP On April 3rd and April 4th, I attended the Armed Forces Communications and Electronic Association (AFCEA) annual industry event titled AFCEA Belvoir Industry Days hosted at The Gaylord National Harbor in Maryland. The Belvoir chapter supports the Fort Belvoir community by connecting…
By Lon J. Berman, CISSP, RDRP NIST 800-53, and specifically Security Control CM-6, requires an organization to Establish and document configuration settings for information technology products employed within the information system using [Assignment: organization-defined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; Implement the configuration…