BAI Blog – Information Security I RMF Training

Lon Berman In emass, Risk Management, Risk Management Framework

NIST SP 800-53 Rev 5 – Coming Soon to an RMF Package Near You

by Lon J. Berman, CISSP, RDRP Those of us who have worked with government information systems for a number of years have come to realize the wheels of change turn very slowly – but they do turn! Case in point – DoD adoption of NIST Special Publication (SP) 800-53 Rev…

Kathryn Daily In Continuous Monitoring, RMF Training, Security Technical Implementation Guides, Uncategorized

The Current State of SCAP Benchmarks & Possibly the Future

This blog excerpt is taken from our April 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter. By Kathryn Daily, CISSP, CGRC (Formerly CAP), RDRP As some may have heard, SCAP Compliance Checker (SCC) has lost funding from DISA as of the end of FY22 and as a…

Devon Schall In Uncategorized

Reflections from ISSA Colorado Springs Cyber Focus Week

This blog excerpt is taken from our April 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter. By: Devon Schall, Ph.D., CISSP On March 30th, I had the opportunity to attend the primary conference day for Information Systems Security Association (ISSA) Colorado Springs Cyber Focus Week hosted at…

Kathryn Daily In BAI Announcements, Risk Management, Risk Management Framework, RMF Training, Uncategorized

CAP Becomes CGRC? What Does This Mean?

By Kathryn Daily, CISSP, CAP (soon to be CGRC), RDRP What is GRC? GRC stands for Governance, Risk, and Compliance. GRC is a set of processes and procedures to help organizations achieve business objectives, address uncertainty, and act with integrity. In August of 2021 ISC2 updated the exam outline and…

Lon Berman In Dr. RMF, emass

Ask Dr. RMF – Teamwork? I Think Not!

“Teamwork? I think not!” writes: Dear Dr. RMF, I am trying to put together a team to work the RMF process for a new system that’s under development. I got the bright idea of having each of the team members take responsibility for the security controls that are pertinent to…

Devon Schall In Risk Management Framework

The Army Risk Management Council (ARMC) – Part 2 The Mission Problem

By Philip D. Schall, Ph.D., CISSP, RDRP For those who missed my last article titled The Authorizing Official (AO) Problem & The Army Risk Management Council (ARMC), I will provide a quick summary to bring readers up to speed. It has always been my perception that a big part of…

Lon Berman In Dr. RMF, Risk Management Framework

Ask Dr. RMF – AO Picking on Us?

“AO Picking on Us?” writes: Dear Dr. RMF, We have dutifully followed all the RMF process steps and created all the documentation deliverables (Security Plan, Security Assessment Report, POA&M, etc.). The package was approved by the Security Control Assessor (SCA) and sent on to the AO for final ATO approval…

Lon Berman In Risk Management Framework

Authorizing Officials – How Many? … and Why?

By Lon J. Berman, CISSP, RDRP DoDI 8510.01, entitled Risk Management Framework for DoD Information Technology, specifies that “each DoD Information System (IS) … must have an authorizing official (AO) responsible for authorizing the system’s operation based on achieving and maintaining an acceptable risk posture.” Within each DoD Component, the…

Lon Berman In Dr. RMF, Risk Management Framework

Ask Dr. RMF – AO A-Okay

“AO A-Okay” writes: I have worked on a number of different DoD contracts over the years and I’ve noticed that some of the DoD Components (e.g., Army) have different Authorizing Officials (AOs) for each of their various major commands or programs, while other DoD Components (e.g., Navy) have a single…

Lon Berman In Dr. RMF, Risk Management Framework

Ask Dr. RMF – Controls Freak

“Controls Freak” asks: I’m still fairly new at the profession, but since being assigned to an RMF project by my company, I have become rather obsessed with the RMF security controls. My ambition is to memorize all the controls and control enhancements in NIST 800-53 so that if someone says…

Blog

NIST SP 800-53 Rev 5 – Coming Soon to an RMF Package Near You

The Current State of SCAP Benchmarks & Possibly the Future

Reflections from ISSA Colorado Springs Cyber Focus Week

CAP Becomes CGRC? What Does This Mean?

Ask Dr. RMF – Teamwork? I Think Not!

The Army Risk Management Council (ARMC) – Part 2 The Mission Problem

Ask Dr. RMF – AO Picking on Us?

Authorizing Officials – How Many? … and Why?

Ask Dr. RMF – AO A-Okay

Ask Dr. RMF – Controls Freak

Site Search

Recent Posts