BAI RMF Resource Center

Archives of the Category Risk Management Framework

April 18, 2023

Ask Dr. RMF – Should We Move to Rev. 5?

A reader who calls himself “Between a Rock and a Hard Place” writes: Dear Dr. RMF, My unit is in the early stages of our RMF efforts for a new information system and we are having a little bit of a “debate” about which “version” of the RMF controls we…

Post Categories: Dr. RMF, Risk Management, Risk Management Framework, Uncategorized

April 18, 2023

NIST SP 800-53 Rev 5 – Coming Soon to an RMF Package Near You

By Lon J. Berman, CISSP, RDRP

Those of us who have worked with government information systems for a number of years have come to realize the wheels of change turn very slowly – but they do turn! Case in point – DoD adoption of NIST Special Publication (SP) 800-53 Rev…

Post Categories: emass, Risk Management, Risk Management Framework

January 18, 2023

CAP Becomes CGRC? What Does This Mean?

By Kathryn Daily, CISSP, CAP (soon to be CGRC), RDRP

What is GRC? GRC stands for Governance, Risk, and Compliance. GRC is a set of processes and procedures to help organizations achieve business objectives, address uncertainty, and act with integrity. In August of 2021 ISC2 updated the exam outline and…

Post Categories: BAI Announcements, Risk Management, Risk Management Framework, RMF Training, Uncategorized

January 17, 2023

The Army Risk Management Council (ARMC) – Part 2 The Mission Problem

By Philip D. Schall, Ph.D., CISSP, RDRP

For those who missed my last article titled The Authorizing Official (AO) Problem & The Army Risk Management Council (ARMC), I will provide a quick summary to bring readers up to speed. It has always been my perception that a big part of…

Post Categories: Risk Management Framework

January 17, 2023

Ask Dr. RMF – AO Picking on Us?

“AO Picking on Us?” writes: Dear Dr. RMF, We have dutifully followed all the RMF process steps and created all the documentation deliverables (Security Plan, Security Assessment Report, POA&M, etc.). The package was approved by the Security Control Assessor (SCA) and sent on to the AO for final ATO approval…

Post Categories: Dr. RMF, Risk Management Framework

January 17, 2023

Authorizing Officials – How Many? … and Why?

By Lon J. Berman, CISSP, RDRP

DoDI 8510.01, entitled Risk Management Framework for DoD Information Technology, specifies that “each DoD Information System (IS) … must have an authorizing official (AO) responsible for authorizing the system’s operation based on achieving and maintaining an acceptable risk posture.” Within each DoD Component, the…

Post Categories: Risk Management Framework

October 21, 2022

Ask Dr. RMF – AO A-Okay

“AO A-Okay” writes: I have worked on a number of different DoD contracts over the years and I’ve noticed that some of the DoD Components (e.g., Army) have different Authorizing Officials (AOs) for each of their various major commands or programs, while other DoD Components (e.g., Navy) have a single…

Post Categories: Dr. RMF, Risk Management Framework

October 21, 2022

Ask Dr. RMF – Controls Freak

“Controls Freak” asks: I’m still fairly new at the profession, but since being assigned to an RMF project by my company, I have become rather obsessed with the RMF security controls. My ambition is to memorize all the controls and control enhancements in NIST 800-53 so that if someone says…

Post Categories: Dr. RMF, Risk Management Framework

October 21, 2022

Ask Dr. RMF – Secret Admirer

“Secret Admirer” writes: I’m finally ready to admit it publicly … I’m a huge admirer of Dr. RMF … Oh, how I love a man in a white coat! Beyond that, I do have an RMF-related question. I’m an application developer in my company and I just found out our…

Post Categories: Dr. RMF, Risk Management Framework

October 21, 2022

The Authorizing Official (AO) Problem & The Army Risk Management Council (ARMC)

By Philip D. Schall, Ph.D., CISSP, RDRP

About four or five years ago, I had a meeting with an Army organization on the topic of providing RMF training targeted specifically at Authorizing Officials (AO’s). My memory is a bit hazy, but as I recall, after two or three meetings we…

Post Categories: Risk Management Framework