By Lon J. Berman, CISSP, RDRP So, you’ve got your System Categorization completed and you’ve included any applicable overlays. You’ve reviewed all the resulting security controls to see if any of them should be marked Not Applicable, and, for those, you’ve written a justification. You’ve even gone through the security…
By Philip D. Schall, Ph.D., CISSP, RDRP I consistently experience two common scenarios at almost every DoD cybersecurity conference I attend. The first generally revolves around a high-ranking DoD official giving a presentation and RMF being referenced in a negative light with implications that RMF needs to be more efficient…
By Lon J. Berman, CISSP, RDRP Anyone who has endured the “adventure” of going through the full RMF life cycle can attest to the daunting amount of work and attention to detail required to be successful. Some even question whether or not all this effort is really making our…
By Philip D. Schall, Ph.D., CISSP, RDRP After the recent Colonial Pipeline and JBS Meat Processing ransomware attacks, I was approached multiple times by concerned friends asking if BAI could start offering cybersecurity training targeted towards private industry. My quick reply to these folks was that we have tried offering…
By Kathryn Daily, CISSP, CAP, RDRP Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some HR data and pharma-cy records. The breach was caused by a vulnerability in the Accellion file-sharing system which the grocery chain immediately stopped using. As…
By Lon J. Berman, CISSP, RDRP More than ten years ago, RMF came into existence with the intention of becoming the “unified information security framework for the federal government”. With widespread adoption of RMF throughout most federal civil agencies, DoD components and intelligence community agencies, it is safe to say…
Why Free Online Training Isn’t Enough By Philip D. Schall, Ph.D., CISSP, RDRP At BAI RMF Resource Center, we often have conversations with our students on the topic of taking formal classroom RMF training. In the mod-ern digital landscape, we are able to learn about and complete projects we never…
By Lon J. Berman, CISSP, RDRP Q. The Risk Management Framework (RMF) life cycle is comprised of how many steps? A. Oh, that’s easy, it’s six. Well … not so fast. As you probably know, the Risk Management Framework (RMF) has always been described as a six step process, to…
By Ernest Smith, CISSP, PMP Requirement (simplified): Do you have contracts and or service level agreements with the owners of any system outside of your authorization boundary that are processing, storing, and transmitting your information? Breakdown: What is an “external information system”? Employee personally owned devices (I said it!) Systems…
By Lon J. Berman, CISSP, RDRP This month we will be celebrating our oldest grandson’s tenth birthday. It suddenly made me realize that with everything that’s been going on in 2020, it appears we missed another significant birthday this year – February marked the tenth birthday of the Risk Management…
