FISMA 2022 Update

By Kathryn Daily, CISSP, CAP, RDRP

On February 7, 2022, the Office of the Director of National Intelligence (ODNI) released the Annual Threat Assessment of the U.S. Intelligence Community. In its assessment of Russia and its cyber capabilities, ODNI assessed that Russia will remain a top cyber threat as it…

Post Categories: Federal Government

Dear Dr. RMF

“Identity Crisis” writes: I am a contractor working on development of a system that is jointly owned by a DoD agency and a federal civil agency (Dept. of Treasury). My company is expected to do most of the “heavy lifting” to develop the RMF package for this system and we…

Post Categories: Dr. RMF

Dear Dr. RMF

“Overlay Layover” asks: I’m a little bit confused about how to find available security controls overlays. According to the RMF policy (DoD Instruction 8510.01) and the RMF Knowledge Service, approved overlays can be found on the CNSS.GOV website. Well, I keep looking there and all I see are the same…

Post Categories: Dr. RMF

Dear Dr. RMF

“In Search of Perfection” writes: One of my customers was told by their Security Control Assessor (SCA) that they could not get Authorization To Operate (ATO) unless their POA&M had zero open items; in other words, they are expected to be 100% compliant with all the controls in their baseline….

Post Categories: Dr. RMF

FedRAMP Turns 10!

By Kathryn Daily, CISSP, CAP, RDRP

On December 8, 2021, the FedRAMP program turned 10 years old! Created in 2011, the goal for FedRAMP was to produce a cost-effective, repeatable solution for securing cloud services and cloud service providers. I think we can safely say, mission accomplished. The CGI IAAS…

Post Categories: Federal Government

Dear Dr. RMF

Dear Dr. RMF, Meredith writes: Hi Dr. RMF! We are working on the RMF package in eMASS for a new system and there is a check box labeled “National Security System”. We’re not sure whether to check this box or not. One of my colleagues thinks we should check the…

Post Categories: Dr. RMF