
Ask Dr. RMF

Dear Dr. RMF, We are having a dispute in our office about how to handle security control selection for a “non-National Security System” (non-NSS). We know DoD has mandated that System Categorization and Security Control Selection shall be done “in accordance with CNSSI 1253”. However, the CNSSI 1253 security control…


CMMC – What We Know and What We Don’t

By Kathryn Daily, CISSP, CAP, RDRP

So by now, I’m sure you’ve seen a ton of articles on the Cybersecurity Maturity Model Certification (CMMC) initiative. A lot of information has been released but there are still a lot of unknowns.

What We Know

We know that it’s mandatory for all…


Ask Dr. RMF

Dear Dr. RMF, RMF IA-4 Identification Management control is not easy. It has so many rabbit holes. I am not sure how to tackle this control. Could you please simplify this control for me? Let’s say for IA-4 Identifier Management, the information system is a web application/web server. For the…


Ask Dr. RMF

Dear Dr. RMF, I can tell you I am definitely new to eMass. However, I have registered several packages and brought over artifacts. I have blindly (using the job aid) assigned controls, exported the spreadsheet and reimported. Haven’t been able to produce the RAR or POAM.  With that being said,…


Ask Dr. RMF

Dear Dr. RMF, I was wondering if you could guide me to the official “source” for all SOPs required for RMF. I have copies of SOPs I have done for another group but these were built off templates we were given from our ISSM at the time. I have combed…


The NIST Cybersecurity Framework

By Marilyn Fritz, CISSP

Cybersecurity is notoriously challenging, with every new day bringing more media stories about losses from endless breaches. Beleaguered cybersecurity professionals are left coping with the onslaught and, more often than not, pleading for resources. Leaders in both private and public sectors all around the globe are…
