Dear Dr. RMF

Dear Dr. RMF, Meredith writes: Hi Dr. RMF! We are working on the RMF package in eMASS for a new system and there is a check box labeled “National Security System”. We’re not sure whether to check this box or not. One of my colleagues thinks we should check the…

Continue Reading

Post Categories: Dr. RMF Tags:

Dear Dr. RMF

Dear Dr. RMF, “Assessed” writes: Please help me better understand RMF Assess Only. Some of my colleagues are saying we should consider pursuing an Assess Only ATO because it’s so much easier than going through the full ATO process. Is that even for real? Dr. RMF responds: RMF Assess Only…

Continue Reading

Post Categories: Dr. RMF Tags:

Dear Dr. RMF

JZ writes: I have a question regarding Control Enhancement AC-6(3). The control states that the organization authorizes network access to organization-defined privileged commands only for organization-defined compelling operational needs and documents the rationale for such access in the security plan for the information system. Does this mean that every privilege…

Continue Reading

Post Categories: Dr. RMF Tags: