The RMF Hot Sauce Story

By Lon J. Berman, CISSP, RDRP If you have attended a BAI training class you should have received a “special gift” from BAI – a bottle of “RMF Hot Sauce”. Naturally we hope you and your family or friends enjoyed our little spicy treat. Over the years, lots of people…

Continue Reading

Post Categories: BAI Announcements Tags:

Ready for In-Person Classroom RMF Training?

By P. Devon Schall, Ph.D., CISSP Tired of Microsoft Teams and Zoom meetings yet? As a trained instructional designer, online college professor, residential (in-person) college professor, and Director of Training at BAI RMF Resource Center, I am opinionated and passionate about pedagogy and training delivery methods. 2020 has been full…

Continue Reading

Post Categories: RMF Training Tags:

NIST Rev. 5 Supplemental Materials

By Kathryn Daily, CISSP, CAP, RDRP Back in September of last year (2020), NIST finally published the final version of Special Publication 800-53 Revision 5. Most notably, this revision incorporated privacy considerations in the security controls themselves rather than having separate control families for the privacy controls (e.g., AR, AP,…

Continue Reading

Post Categories: NIST Privacy Framework Tags:

DFARS Compliance with CMMC/NIST SP 800-171

By Marilyn Fritz, CISSP, CISA, ITIL, PMP The new DFARS Interim Rule that went into effect November 30, 2020 is a game changer for any entities that have or are pursuing Defense Industrial Base (DIB) contracts or subcontracts. Prior to the new Interim Rule, contractors and sub-contractors could self-attest that…

Continue Reading

Post Categories: CMMC Tags:

Welcome, Step 0

By Lon J. Berman, CISSP, RDRP Q. The Risk Management Framework (RMF) life cycle is comprised of how many steps? A. Oh, that’s easy, it’s six. Well … not so fast. As you probably know, the Risk Management Framework (RMF) has always been described as a six step process, to…

Continue Reading

Post Categories: Risk Management Framework Tags:

CMMC AB Proposes “Pay to Play” Program

By Kathryn Daily, CISSP, CAP, RDRP On Saturday, September 12th, the CMMC Accreditation Body (AB) posted a page to their website that advertised for a “Partnership Program” where contracting companies could pay up to $500,000 for a CMMC AB stamp of approval. The proposed program consists of five levels ranging…

Continue Reading

Post Categories: CMMC Tags:

Security Control Spotlight: AC-20 (Use of External Information Systems)

By Ernest Smith, CISSP, PMP Requirement (simplified): Do you have contracts and or service level agreements with the owners of any system outside of your authorization boundary that are processing, storing, and transmitting your information? Breakdown: What is an “external information system”? Employee personally owned devices (I said it!) Systems…

Continue Reading

Post Categories: Risk Management Framework Tags:  CONTROLS NIST SP 800-53 RMF