BAI Blog – Information Security I RMF Training

Dear Dr. RMF – Informed

“Just want to be informed” writes: As a consultant, I try very hard to keep up with all the RMF publications so I can best serve my clients. On the NIST website I found a mailing list you can subscribe to. I signed up and now I receive regular e-mails…

Devon Schall In Risk Management Framework

Observations from AFCEA West 2022 and Rocky Mountain Cyberspace Symposium 2022

By Philip D. Schall, Ph.D., CISSP, RDRP As spring arrives, I thought it would be beneficial to share the rumblings and conversations I heard/had at AFCEA West 2022 and Rocky Mountain Cyberspace Symposium 2022 regarding my favorite topic, Risk Management Framework (RMF). Before I dive into my RMF conference debrief,…

Lon Berman In Dr. RMF, RMF Training

Dear Dr. RMF – Thirsty for Knowledge

“Thirsty for Knowledge” asks: About a year ago I completed the 4-day RMF for DoD IT training with BAI. It was time well spent and has helped me in numerous ways. Now I’m searching for additional training that can help me build on the knowledge I gained in that RMF…

Lon Berman In emass, Risk Management Framework

RMF for DoD IT — What Changes Might Lie Ahead?

By Lon J. Berman, CISSP, RDRP Sometimes I wish I had a crystal ball I could peer into to see what is in store for the future. And nowhere do I wish for this more fervently than in the area of cybersecurity and RMF. It would be lovely to know…

Kathryn Daily In Federal Government

FISMA 2022 Update

By Kathryn Daily, CISSP, CAP, RDRP On February 7, 2022, The Office of the Director of National Intelligence (ODNI) released the Annual Threat Assessment of the U.S. Intelligence Community. In its assessment of Russia and their Cyber capabilities, ODNI assessed that Russia will remain a top cyber threat as it…

Lon Berman In Dr. RMF

Dear Dr. RMF

“Identity Crisis” writes: I am a contractor working on development of a system that is jointly owned by a DoD agency and a federal civil agency (Dept. of Treasury). My company is expected to do most of the “heavy lifting” to develop the RMF package for this system and we…

Lon Berman In Dr. RMF

Dear Dr. RMF

“Overlay Layover” asks: I’m a little bit confused about how to find available security controls overlays. According to the RMF policy (DoD Instruction 8510.01) and the RMF Knowledge Service, approved overlays can be found on the CNSS.GOV website. Well, I keep looking there and all I see are the same…

Kathryn Daily In NIST Privacy Framework

DoD Transition to NIST SP 800-53 Rev 5 … Why is it Taking so Long?

By Lon J. Berman, CISSP, RDRP Welcome to 2022! It’s now been well over a year since the release of NIST SP 800-53 Rev 5, yet Rev 4 remains the DoD standard. When DoD first adopted RMF … back in 2014! …they expressed their commitment to “keeping up” with the…

Devon Schall In Risk Management Framework, RMF Training

The Pedagogy of RMF Training

“By far one of the best courses I have taken in a long time. I just finished up a 10-week graduate course on RMF, and I learned more in this 4-day class from Linda than I did the entire 10 weeks, best money I have ever spent!!” - BAI RMF…

Lon Berman In Dr. RMF

Dear Dr. RMF

“In Search of Perfection” writes: One of my customers was told by their Security Control Assessor (SCA) that they could not get Authorization To Operate (ATO) unless their POA&M had zero open items; in other words, they are expected to be 100% compliant with all the controls in their baseline.…

Blog

Dear Dr. RMF – Informed

Observations from AFCEA West 2022 and Rocky Mountain Cyberspace Symposium 2022

Dear Dr. RMF – Thirsty for Knowledge

RMF for DoD IT — What Changes Might Lie Ahead?

FISMA 2022 Update

Dear Dr. RMF

Dear Dr. RMF

DoD Transition to NIST SP 800-53 Rev 5 … Why is it Taking so Long?

The Pedagogy of RMF Training

Dear Dr. RMF

Site Search

Recent Posts