“AO A-Okay” writes: I have worked on a number of different DoD contracts over the years and I’ve noticed that some of the DoD Components (e.g., Army) have different Authorizing Officials (AOs) for each of their various major commands or programs, while other DoD Components (e.g., Navy) have a single…
“Controls Freak” asks: I’m still fairly new at the profession, but since being assigned to an RMF project by my company, I have become rather obsessed with the RMF security controls. My ambition is to memorize all the controls and control enhancements in NIST 800-53 so that if someone says…
“Secret Admirer” writes: I’m finally ready to admit it publicly … I’m a huge admirer of Dr. RMF … Oh, how I love a man in a white coat! Beyond that, I do have an RMF-related question. I’m an application developer in my company and I just found out our…
By Philip D. Schall, Ph.D., CISSP, RDRP About four or five years ago, I had a meeting with an Army organization on the topic of providing RMF training targeted specifically at Authorizing Officials (AO’s). My memory is a bit hazy, but as I recall, after two or three meetings we…
By Grace Brammer, RDRP The very first time I heard about a so-called ‘RMF process,’ I was in my freshman year of college. To anyone familiar with the industry, it may come as a shock to hear that my initial exposure to RMF left me with a mixture of emotions—mostly…
By Kathryn Daily, CISSP, CAP, RDRP Artificial intelligence (AI) is the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages. One example of AI is the use of virtual filters on our face…
By Lon J. Berman, CISSP, RDRP Information Security Continuous Monitoring (ISCM) is arguably the most important step in the Risk Management Framework (RMF), since it is here that we ensure a system’s level of risk is maintained at an acceptable level over the long term. The recent initiative to establish…
By Philip D. Schall, Ph.D., CISSP, RDRP First off, I would like to congratulate Director of Cybersecurity and Information Assurance at Army CIO/G-6, Nancy Kreidler on her recent retirement! As a self-proclaimed RMF nerd, I found one of her recent posts on LinkedIn humorous with the following lines “Step 1…
“Death by POAM” writes: I just started a new job and I am a bit surprised at what I am seeing with the POA&Ms for the various systems in my new agency. At my previous place of employment we carefully maintained POA&Ms for several systems. In all cases, each line…
By Kathryn Daily, CISSP, CAP, RDRP Back in February, NIST issued a public Request for Information (RFI) to identify how the Cyber Security Framework was being used and also for recommendations on improving the effectiveness of the Framework and its alignment with other cyber security resources. “Every Organization needs to…
