“Secret Admirer” writes: I’m finally ready to admit it publicly … I’m a huge admirer of Dr. RMF … Oh, how I love a man in a white coat! Beyond that, I do have an RMF-related question. I’m an application developer in my company and I just found out our…
By Philip D. Schall, Ph.D., CISSP, RDRP About four or five years ago, I had a meeting with an Army organization on the topic of providing RMF training targeted specifically at Authorizing Officials (AOs). My memory is a bit hazy, but as I recall, after two or three meetings we…
By Grace Brammer, RDRP The very first time I heard about a so-called ‘RMF process,’ I was in my freshman year of college. To anyone familiar with the industry, it may come as a shock to hear that my initial exposure to RMF left me with a mixture of emotions—mostly…
By Kathryn Daily, CISSP, CAP, RDRP Artificial intelligence (AI) is the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages. One example of AI is the use of virtual filters on our face…
By Lon J. Berman, CISSP, RDRP Information Security Continuous Monitoring (ISCM) is arguably the most important step in the Risk Management Framework (RMF), since it is here that we ensure a system’s level of risk is maintained at an acceptable level over the long term. The recent initiative to establish…
By Philip D. Schall, Ph.D., CISSP, RDRP First off, I would like to congratulate Director of Cybersecurity and Information Assurance at Army CIO/G-6, Nancy Kreidler on her recent retirement! As a self-proclaimed RMF nerd, I found one of her recent posts on LinkedIn humorous with the following lines “Step 1…
“New AO, new game?” writes: We just found out our Authorizing Official will be retiring next month and there is still no word on who his replacement will be. What sort of problems can we anticipate when a new AO takes over the reins? How much flexibility will he/she have…
“Death by POAM” writes: I just started a new job and I am a bit surprised at what I am seeing with the POA&Ms for the various systems in my new agency. At my previous place of employment we carefully maintained POA&Ms for several systems. In all cases, each line…
By Kathryn Daily, CISSP, CAP, RDRP Back in February, NIST issued a public Request for Information (RFI) to identify how the Cyber Security Framework was being used and also for recommendations on improving the effectiveness of the Framework and its alignment with other cyber security resources. “Every Organization needs to…
“Let’s Get Physical” asks: Control Enhancement AT-3(2) states “The organization provides … training in the employment and operation of physical security controls”. Our system is hosted in the cloud (by a commercial cloud service provider) and therefore we have no physical security controls within our system boundary. At first we…