BAI Blog – Information Security I RMF Training

FedRAMP Turns 10!

By Kathryn Daily, CISSP, CAP, RDRP On December 8, 2021, the FedRAMP program turned 10 years old! Created in 2011, the goal for FedRAMP was to produce a cost-effective, repeatable solution for securing cloud services and cloud service providers. I think we can safely say, mission accomplished. The CGI IAAS…

Kathryn Daily In Dr. RMF

Dear Dr. RMF

Dear Dr. RMF, Meredith writes: Hi Dr. RMF! We are working on the RMF package in eMASS for a new system and there is a check box labeled “National Security System”. We’re not sure whether to check this box or not. One of my colleagues thinks we should check the…

Kathryn Daily In NIST Privacy Framework

NIST Creates CSF Ransomware Profile

By Kathryn Daily, CISSP, CAP, RDRP Ransomware is one of the top buzzwords you here today in reference to cybersecurity with good reason. Ransomware attacks nearly doubled in the first half of 2021. Thanks to NIST, organizations now have a framework of security objectives that support preventing, responding to, and…

Kathryn Daily In emass, Risk Management Framework

STIGs and the Security Control Baseline

By Lon J. Berman, CISSP, RDRP So, you’ve got your System Categorization completed and you’ve included any applicable overlays. You’ve reviewed all the resulting security controls to see if any of them should be marked Not Applicable, and, for those, you’ve written a justification. You’ve even gone through the security…

Kathryn Daily In Dr. RMF

Dear Dr. RMF

Dear Dr. RMF, “Assessed” writes: Please help me better understand RMF Assess Only. Some of my colleagues are saying we should consider pursuing an Assess Only ATO because it’s so much easier than going through the full ATO process. Is that even for real? Dr. RMF responds: RMF Assess Only…

Kathryn Daily In Federal Government, Risk Management Framework

Army streamlines RMF… or weakens it?

By Lon J. Berman, CISSP, RDRP Anyone who has endured the “adventure” of going through the full RMF life cycle can attest to the daunting amount of work and attention to detail required to be successful. Some even question whether or not all this effort is really making our…

Kathryn Daily In Dr. RMF

Dear Dr. RMF

JZ writes: I have a question regarding Control Enhancement AC-6(3). The control states that the organization authorizes network access to organization-defined privileged commands only for organization-defined compelling operational needs and documents the rationale for such access in the security plan for the information system. Does this mean that every privilege…

Kathryn Daily In Federal Government

Zero Trust Architecture in the DoD and Federal Civil Agencies

By Kathryn Daily, CISSP, CAP, RDRP If you follow any cybersecurity news, I am sure you have heard about zero trust architecture (ZTA). Historically, the authorization process has existed primarily at the perimeter of the network. In zero trust architectures, authorization happens across the surface of the network. Essentially, zero…

Kathryn Daily In Risk Management Framework

Cybersecurity Programs Need Teeth (Beyond RMF)!

By Philip D. Schall, Ph.D., CISSP, RDRP After the recent Colonial Pipeline and JBS Meat Processing ransomware attacks, I was approached multiple times by concerned friends asking if BAI could start offering cybersecurity training targeted towards private industry. My quick reply to these folks was that we have tried offering…

Kathryn Daily In BAI Announcements

Classroom RMF, eMASS, SCI/SCA, and STIG Training is Back!

BAI RMF Resource Center is pleased to announce the return of RMF, eMASS, Security Controls, and STIG training classrooms with the addition of a new location in Alexandria South adjacent to Fort Belvoir! RMF for DoD IT and Federal Agencies & eMASS eSSENTIALS ™ Pensacola — August 2nd – 6th…

Blog

FedRAMP Turns 10!

Dear Dr. RMF

NIST Creates CSF Ransomware Profile

STIGs and the Security Control Baseline

Dear Dr. RMF

Army streamlines RMF… or weakens it?

Dear Dr. RMF

Zero Trust Architecture in the DoD and Federal Civil Agencies

Cybersecurity Programs Need Teeth (Beyond RMF)!

Classroom RMF, eMASS, SCI/SCA, and STIG Training is Back!

Site Search

Recent Posts