CMMC AB Proposes “Pay to Play” Program

By Kathryn Daily, CISSP, CAP, RDRP On Saturday, September 12th, the CMMC Accreditation Body (AB) posted a page to their website that advertised for a “Partnership Program” where contracting companies could pay up to $500,000 for a CMMC AB stamp of approval. The proposed program consists of five levels ranging…

Post Categories: CMMC

Security Control Spotlight: AC-20 (Use of External Information Systems)

By Ernest Smith, CISSP, PMP Requirement (simplified): Do you have contracts and/or service level agreements with the owners of any system outside of your authorization boundary that are processing, storing, or transmitting your information? Breakdown: What is an “external information system”? Employee personally owned devices (I said it!) Systems…

Post Categories: Risk Management Framework. Tags: CONTROLS, NIST SP 800-53, RMF

Dear Dr. RMF

Daphne in Kansas City asks: Dr. RMF, we are bidding on a multi-year contract to provide services to a DoD agency. The process is down to the final stage and we are looking good to win the work. Assuming we are awarded the work, the government will be requiring us…

Post Categories: Dr. RMF

Dear Dr. RMF

Sean from US Navy asks: Dr. RMF, we are working on an acquisition for several new medical imaging devices in our hospital. Each of these new devices contains an embedded computer running the Linux operating system. A connection to the hospital’s data network is used to send imaging data to…

Post Categories: Dr. RMF

New Training Opportunity!

Security Controls Implementation Workshop By P. Devon Schall, PhD, CISSP, RDRP If you ask an RMF practitioner what the most challenging part of the RMF process is you’re likely to hear them reference responding to security controls! With thousands of assessment procedures, even those with a strong understanding of RMF…

Post Categories: BAI Announcements

Dear Dr. RMF

Tony from OSD asks: Dr. RMF, I currently assess a boundary that includes all of our desktops, laptops, network printers, and some local printers. There are a number of devices (i.e. desktop/laptops) that don’t store Personally Identifiable Information (PII) per se, but will disseminate PII to our records management boundary…

Post Categories: Dr. RMF

Happy Birthday, RMF!

By Lon J. Berman, CISSP, RDRP This month we will be celebrating our oldest grandson’s tenth birthday. It suddenly made me realize that with everything that’s been going on in 2020, it appears we missed another significant birthday this year – February marked the tenth birthday of the Risk Management…

Post Categories: Risk Management Framework

BAI’s Hands-on eMASS Simulator

By P. Devon Schall, PhD, CISSP, RDRP BAI recognizes that eMASS is a stumbling block for many new RMF practitioners. To mitigate these challenges, our instructional designers felt the creation of an eMASS sandbox environment where our students could practice working in eMASS without being scared to submit incorrect data…

Post Categories: eMASS

RMF Supplement for DCSA Cleared Contractors

By Lon J. Berman, CISSP, RDRP In a previous edition (January, 2020) of RMF Today … and Tomorrow, we presented an overview of the adoption of RMF and eMASS by the Defense Counterintelligence and Security Agency (DCSA) for use by cleared contractor companies operating within the National Industrial Security Program…

Post Categories: DCSA