BAI Blog – Information Security I RMF Training

RMF Knowledge Service Update as of 8/30/2023

Well as you probably know if you're here, RMF Knowledge Service has been down for several months for unknown reasons. This morning the page loaded, and presented a login option, but then threw a runtime error. A few minutes later, it was again unreachable. While it keeps like one step…

Kathryn Daily In Uncategorized

Come See Us at TechNet Augusta 2023!

Are you going to Technet Augusta? So are we! (Did we just become best friends? 👫) Come see us at booth 216. We will have informational handouts, RMF hot sauce, and maybe a funny joke. 🥳

Kathryn Daily In Risk Management, Risk Management Framework, RMF Training, Security Controls Implementation and Assessment

10 Concepts for a Thriving RMF Program

By Amanda Lowell, Security+ CE, RDRP My friends and I joke that being in the field of cybersecurity is equivalent to searching for unicorns–achieving cybersecurity is a myth… Let me explain. The “cybersecurity” buzzword, as it is thrown around by executives today, is a myth. The concept of…

Lon Berman In Dr. RMF, Federal Government, Risk Management Framework, Uncategorized

Ask Dr. RMF – Getting into the Knowledge Service

A reader who calls herself “Thirsting for Knowledge” asks: Dear Dr. RMF, Recently I’ve seen a few RMF-related articles online that referred to something called the “knowledge service”. Can you tell me what exactly this service is and if you think it would help me develop my RMF skills. Is…

Lon Berman In Dr. RMF, emass, Risk Management Framework, Uncategorized

Ask Dr. RMF – About Appointment Letters

A reader who calls himself “Dis-appointed?” asks: Dear Dr. RMF, Are appointment letters required to obtain an eMASS account for the roles of ISSO, ISSM, and SCA? Also, are appointment letters required for executing the roles of ISSO, ISSM and SCA (outside of obtaining eMASS accounts)? Dr. RMF Responds: Dear…

Lon Berman In Cybersecurity Framework, Dr. RMF, emass, Risk Management Framework, Security Technical Implementation Guides

Risk Management Framework (RMF) Tomorrow: Truth or Fiction?

This blog excerpt is taken from our July 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter. By Lon J. Berman, CISSP, RDRP When it comes to the future of RMF, rumors abound but truth is hard to come by. In this article, we’ll take a look at…

Kathryn Daily In NIST 800-53, Risk Management Framework, Security Controls Implementation and Assessment, Supply Chain Risk Management

NIST SP 800-53: What’s the Delta from Rev. 4 to Rev. 5?

This blog excerpt is taken from our July 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter. By Kathryn Daily, CISSP, CGRC (Formerly CAP), RDRP NIST SP 800-53 (National Institute of Standards and Technology Special Publication 800-53) provides a set of security and privacy controls for information systems…

Devon Schall In Registered DoD RMF Practitioner (RDRP), Risk Management, Risk Management Framework, RMF Training

So, You Think You Can Practice RMF: Breaking into Cybersecurity as an RMF Practitioner

This blog excerpt is taken from our July 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter. By Philip D. Schall, Ph.D., CISSP, RDRP As a college professor and Director of Training at BAI RMF Resource Center, I often am approached by students of all ages asking how they…

Lon Berman In Dr. RMF, Security Technical Implementation Guides, Uncategorized

Ask Dr. RMF – STIG Cleanup

A reader who calls herself "Cleanup Mode" writes: Dear Dr. RMF, I have recently taken over responsibility for a couple of systems and the RMF packages are a mess! I'm trying to make some sense out of how they handled the STIGs and it just makes no sense to me.…

Lon Berman In Dr. RMF, Risk Management, Risk Management Framework, Uncategorized

Ask Dr. RMF – Should We Move to Rev. 5?

A reader who calls himself "Between a Rock and a Hard Place" writes: Dear Dr. RMF, My unit is in the early stages of our RMF efforts for a new information system and we are having a little bit of a "debate" about which "version" of the RMF controls we…

Blog