By P. Devon Schall, CISSP, RDRP With the addition of Step 0 to the RMF life cycle (a preparation step that BAI has been preaching for years which is now being implemented in SP 800-37 Rev. 2), we decided to make this month’s top ten list based on preparation. Preparation…
By Kathryn Daily, CISSP, RDRP If you heard a whooshing sound on New Year’s Eve, that was probably the deadline for compliance with NIST 171 flying by. A lot of you might be asking “What is NIST 171?” NIST 171 is a set of requirements documented in the NIST Special…
By Lon J. Berman, CISSP, RDRP BAI has recently expanded its training program to include training for the Certified Information Systems Security Professional (CISSP) credential. Beginning in February 2018, we are offering an intensive five-day course designed to prepare students for the CISSP certification exam. CISSP is an internationally recognized…
By P. Devon Schall, MS, MAEd, CISSP, RDRP We are excited to announce the addition of RMF supplemental training courses to our training catalog. After extensive discussion regarding our 2018 curriculum, we felt we would benefit students the most by offering “bitesized” courses to supplement our core four-day RMF for…
Security Control Spotlight— Inheritance from a FedRAMP Approved CSP By Kathryn M. Daily, CISSP, RDRP In a previous issue, security control inheritance from an external system hosted at a departmental or agency data center was discussed. In this article, we are going to discuss inheritance from a FedRAMP Approved Cloud Service…
Registered DoD RMF Practitioner (RDRP) By Lon J. Berman, CISSP, RDRP BAI Information Security is pleased to announce the upcoming launch of a new program called Registered DoD RMF Practitioner (RDRP) – a network of security professionals specializing in supporting RMF in DoD programs. The requirements to join RDRP are…
Cybersecurity Framework (CSF) as it relates to Risk Management Framework (RMF) By P. Devon Schall, CISSP, RDRP I recently attended the Cybersecurity Framework (CSF) Workshop from May 16-17 at NIST in Gaithersburg, Maryland. The workshop proved to be informative in relation to how government and industry are implementing the guidance issued…
Continuous Monitoring Today—And Tomorrow By Lon J. Berman, CISSP, RDRP Step 6 of the Risk Management Framework (RMF) is entitled “Monitor Security Controls”. Many security professionals would argue it is the most important step, since monitoring is what transforms RMF from yet another “point in time” evaluation to a true…
Top Ten—Things You Should Know about eMASS By Lon J. Berman, CISSP The Enterprise Mission Assurance Support Service, or eMASS, is a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services for comprehensive, fully-integrated cybersecurity management, including controls scorecard measurement, dashboard reporting, and the generation of Risk…
NIST SP 800-53 Rev 5 – Big Changes Coming? By Lon J. Berman, CISSP As you probably know, the “catalog” of security controls used in RMF is derived from NIST Special Publication (SP) 800-53 Rev 4. What you may not know is that NIST is hard at work on SP…
