BAI RMF Resource Center

Blog

January 18, 2023

CAP Becomes CGRC? What Does This Mean?

By Kathryn Daily, CISSP, CAP (soon to be CGRC), RDRP

What is GRC? GRC stands for Governance, Risk, and Compliance. GRC is a set of processes and procedures to help organizations achieve business objectives, address uncertainty, and act with integrity. In August of 2021 ISC2 updated the exam outline and…


Post Categories: BAI Announcements, Risk Management, Risk Management Framework, RMF Training, Uncategorized

January 17, 2023

Ask Dr. RMF – Teamwork? I Think Not!

“Teamwork? I think not!” writes: Dear Dr. RMF, I am trying to put together a team to work the RMF process for a new system that’s under development. I got the bright idea of having each of the team members take responsibility for the security controls that are pertinent to…


Post Categories: Dr. RMF, emass

January 17, 2023

The Army Risk Management Council (ARMC) – Part 2 The Mission Problem

By Philip D. Schall, Ph.D., CISSP, RDRP

For those who missed my last article titled The Authorizing Official (AO) Problem & The Army Risk Management Council (ARMC), I will provide a quick summary to bring readers up to speed. It has always been my perception that a big part of…


Post Categories: Risk Management Framework

January 17, 2023

Ask Dr. RMF – AO Picking on Us?

“AO Picking on Us?” writes: Dear Dr. RMF, We have dutifully followed all the RMF process steps and created all the documentation deliverables (Security Plan, Security Assessment Report, POA&M, etc.). The package was approved by the Security Control Assessor (SCA) and sent on to the AO for final ATO approval…


Post Categories: Dr. RMF, Risk Management Framework

January 17, 2023

Authorizing Officials – How Many? … and Why?

By Lon J. Berman, CISSP, RDRP

DoDI 8510.01, entitled Risk Management Framework for DoD Information Technology, specifies that “each DoD Information System (IS) … must have an authorizing official (AO) responsible for authorizing the system’s operation based on achieving and maintaining an acceptable risk posture.” Within each DoD Component, the…


Post Categories: Risk Management Framework

October 21, 2022

Ask Dr. RMF – AO A-Okay

“AO A-Okay” writes: I have worked on a number of different DoD contracts over the years and I’ve noticed that some of the DoD Components (e.g., Army) have different Authorizing Officials (AOs) for each of their various major commands or programs, while other DoD Components (e.g., Navy) have a single…


Post Categories: Dr. RMF, Risk Management Framework

October 21, 2022

Ask Dr. RMF – Controls Freak

“Controls Freak” asks: I’m still fairly new at the profession, but since being assigned to an RMF project by my company, I have become rather obsessed with the RMF security controls. My ambition is to memorize all the controls and control enhancements in NIST 800-53 so that if someone says…


Post Categories: Dr. RMF, Risk Management Framework

October 21, 2022

Ask Dr. RMF – Secret Admirer

“Secret Admirer” writes: I’m finally ready to admit it publicly … I’m a huge admirer of Dr. RMF … Oh, how I love a man in a white coat! Beyond that, I do have an RMF-related question. I’m an application developer in my company and I just found out our…


Post Categories: Dr. RMF, Risk Management Framework

October 21, 2022

The Authorizing Official (AO) Problem & The Army Risk Management Council (ARMC)

By Philip D. Schall, Ph.D., CISSP, RDRP

About four or five years ago, I had a meeting with an Army organization on the topic of providing RMF training targeted specifically at Authorizing Officials (AO’s). My memory is a bit hazy, but as I recall, after two or three meetings we…


Post Categories: Risk Management Framework

October 21, 2022

Confessions of a Junior RMF Consultant

By Grace Brammer, RDRP

The very first time I heard about a so-called ‘RMF process,’ I was in my freshman year of college. To anyone familiar with the industry, it may come as a shock to hear that my initial exposure to RMF left me with a mixture of emotions—mostly…


Post Categories: Risk Management Framework
© 2023 BAI Information Security Consulting & Training | Privacy Policy