By Kathryn Daily, CISSP, CAP, RDRP
That’s an eye-catching headline, right? Unfortunately, it’s not actually a thing, at least not yet, but will be in the future, if I get my way. Currently, all federal information systems are required to go through an Assessment and Authorization (A&A) process to be…
By Marilyn Fritz, CISSP
Cybersecurity is notoriously challenging, with every new day bringing more media stories about losses from endless breaches. Beleaguered cybersecurity professionals are left coping with the onslaught and, more often than not, pleading for resources. Leaders in both private and public sectors all around the globe are…
By Kathryn Daily, CISSP, CAP, RDRP
Back in September 2018, NIST announced their plans to develop a data privacy framework based off of their cybersecurity framework that has been extremely successful in both government and the private sector. NIST has worked with industry through webinars and workshops and incorporated both public…
Dear Dr. RMF,
First of all, just stumbled across this blog a few days ago... awesome! There are piles of documentation but not enough community-sourced help for the RMF process. I tried starting an RMF sub-reddit but it never took off! I have so many questions! But one in particular that…
Dear Dr. RMF,
Government IT Security staff work with systems owners to make sure that all systems in the agency have implemented the proper Risk Management Framework (RMF) controls. Organizations have deployed technologies like eMASS, XACTA, and RSA to manage the workflow and documentation for the RMF for their systems.…
By P. Devon Schall, PhD, CISSP, RDRP
Over the past 12 months, I have attended a handful of DoD cybersecurity conferences with the goal of convincing the DoD community that RMF training is a key solution in combatting the perceived RMF crisis. These conferences include the Air Force Information Technology…
By Lon J. Berman, CISSP, RDRP
CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system…
By Lon J. Berman, CISSP, RDRP
All of us who have spent time working with RMF have come to understand just what a time-consuming and resource-intensive process it can be. As bad as that may be, it is made even worse when the same application or system ends up going…
A Quantitative Study on the Receipt of Formalized RMF Training and Perceptions of RMF Effectiveness, Sustainability, and Commitment in RMF Practitioners
By P. Devon Schall, Ph.D., CISSP, RDRP
Over the past year, I have conducted research on the relationship between the receipt of formalized RMF training and perceptions…
By Kathryn Daily, CISSP, CAP, RDRP
NIST has officially released NIST 800-37 Rev 2 and dubbed it “RMF 2.0.” The framework has been updated to include both cybersecurity and privacy to be key for an authorization decision. “RMF 2.0 gives federal agencies a very powerful tool to manage both…