In an effort to strengthen the trustworthiness and resilience of the information systems, component products and services that the federal government depends on in every critical infrastructure sector and which support the economic and national security interests of the United States, NIST has released an updated version of the NIST…
By Lon J. Berman, CISSP, RDRP DoD and Federal agencies and their supporting contractors are struggling to adapt to the “new reality” of travel restrictions, mandatory telework and social distancing. While we don’t know how long these conditions will last, we do know that all organizations must continue to perform…
By Lon J. Berman, CISSP, RDRP Organizations performing classified work for DoD (a.k.a. Cleared Contractor Facilities) are governed by the National Industrial Security Program (NISP). NISP is administered by the Defense Counterintelligence and Security Agency (DCSA), formerly known as the Defense Security Service (DSS). In general, companies covered by NISP…
Dear Dr. RMF, We are having a dispute in our office about how to handle security control selection for a “non-National Security System” (non-NSS). We know DoD has mandated that System Categorization and Security Control Selection shall be done “in accordance with CNSSI 1253”. However, the CNSSI 1253 security control…
By Kathryn Daily, CISSP, CAP, RDRP So by now, I’m sure you’ve seen a ton of articles on the Cybersecurity Maturity Model Certification (CMMC) initiative. A lot of information has been released but there are still a lot of unknowns. What We Know We know that it’s mandatory for all…
By Philip D. Schal, Ph.D., CISSP, RDRP What is Project Sentinel? The United States Army recently announced that it is launching a new initiative called Project Sentinel. Project Sentinel is described as an adaptation of the traditional RMF process with goals of streamlining RMF into a threat-informed risk decision…
By Lon J. Berman, CISSP, RDRP The Enterprise Mission Assurance Support Service (eMASS) is a DoD system that serves as an information repository and workflow manager for the Risk Management Framework (RMF) process. The history of eMASS can be traced back to a project called Digital DITSCAP at the Defense…
Dear Dr. RMF, RMF IA-4 Identifier Management control is not easy. It has so many rabbit holes. I am not sure how to tackle this control. Could you please simplify this control for me? Let's say for IA-4 Identifier Management, the information system is a web application/web server. For the…
Dear Dr. RMF, I can tell you I am definitely new to eMASS. However, I have registered several packages and brought over artifacts. I have blindly (using the job aid) assigned controls, exported the spreadsheet and reimported. Haven't been able to produce the RAR or POAM. With that being said,…
Dear Dr. RMF, I was wondering if you could guide me to the official "source" for all SOPs required for RMF. I have copies of SOPs I have done for another group, but these were built off templates we were given from our ISSM at the time. I have combed…