Skip to main content

NIST Creates CSF Ransomware Profile

By Kathryn Daily, CISSP, CAP, RDRP Ransomware is one of the top buzzwords you here today in reference to cybersecurity with good reason. Ransomware attacks nearly doubled in the first half of 2021. Thanks to NIST, organizations now have a framework of security objectives that support preventing, responding to, and…

Read More

Dear Dr. RMF

Dear Dr. RMF, “Assessed” writes: Please help me better understand RMF Assess Only. Some of my colleagues are saying we should consider pursuing an Assess Only ATO because it’s so much easier than going through the full ATO process. Is that even for real? Dr. RMF responds: RMF Assess Only…

Read More

Dear Dr. RMF

JZ writes: I have a question regarding Control Enhancement AC-6(3). The control states that the organization authorizes network access to organization-defined privileged commands only for organization-defined compelling operational needs and documents the rationale for such access in the security plan for the information system. Does this mean that every privilege…

Read More