By Philip D. Schall, Ph.D., CISSP, RDRP As spring arrives, I thought it would be beneficial to share the rumblings and conversations I heard/had at AFCEA West 2022 and Rocky Mountain Cyberspace Symposium 2022 regarding my favorite topic, Risk Management Framework (RMF). Before I dive into my RMF conference debrief,…
“Thirsty for Knowledge” asks: About a year ago I completed the 4-day RMF for DoD IT training with BAI. It was time well spent and has helped me in numerous ways. Now I’m searching for additional training that can help me build on the knowledge I gained in that RMF…
By Lon J. Berman, CISSP, RDRP Sometimes I wish I had a crystal ball I could peer into to see what is in store for the future. And nowhere do I wish for this more fervently than in the area of cybersecurity and RMF. It would be lovely to know…
By Kathryn Daily, CISSP, CAP, RDRP On February 7, 2022, the Office of the Director of National Intelligence (ODNI) released the Annual Threat Assessment of the U.S. Intelligence Community. In its assessment of Russia and its cyber capabilities, ODNI assessed that Russia will remain a top cyber threat as it…
“Identity Crisis” writes: I am a contractor working on development of a system that is jointly owned by a DoD agency and a federal civil agency (Dept. of Treasury). My company is expected to do most of the “heavy lifting” to develop the RMF package for this system and we…
“Overlay Layover” asks: I’m a little bit confused about how to find available security controls overlays. According to the RMF policy (DoD Instruction 8510.01) and the RMF Knowledge Service, approved overlays can be found on the CNSS.GOV website. Well, I keep looking there and all I see are the same…
By Lon J. Berman, CISSP, RDRP Welcome to 2022! It’s now been well over a year since the release of NIST SP 800-53 Rev 5, yet Rev 4 remains the DoD standard. When DoD first adopted RMF … back in 2014! …they expressed their commitment to “keeping up” with the…
“By far one of the best courses I have taken in a long time. I just finished up a 10-week graduate course on RMF, and I learned more in this 4-day class from Linda than I did the entire 10 weeks, best money I have ever spent!!” – BAI RMF…
“In Search of Perfection” writes: One of my customers was told by their Security Control Assessor (SCA) that they could not get Authorization To Operate (ATO) unless their POA&M had zero open items; in other words, they are expected to be 100% compliant with all the controls in their baseline…
By Kathryn Daily, CISSP, CAP, RDRP On December 8, 2021, the FedRAMP program turned 10 years old! Created in 2011, the goal for FedRAMP was to produce a cost-effective, repeatable solution for securing cloud services and cloud service providers. I think we can safely say, mission accomplished. The CGI IAAS…