BAI RMF Resource Center

Archives of the Category Risk Management Framework

July 18, 2022

NIST Evaluation Tool for Continuous Monitoring Programs

By Lon J. Berman, CISSP, RDRP

Information Security Continuous Monitoring (ISCM) is arguably the most important step in the Risk Management Framework (RMF), since it is here that we ensure a system’s level of risk is maintained at an acceptable level over the long term. The recent initiative to establish…

Post Categories: NIST Privacy Framework, Risk Management Framework

July 18, 2022

Is RMF Project Management Advantage Right for Me?

By Philip D. Schall, Ph.D., CISSP, RDRP

First off, I would like to congratulate Director of Cybersecurity and Information Assurance at Army CIO/G-6, Nancy Kreidler on her recent retirement! As a self-proclaimed RMF nerd, I found one of her recent posts on LinkedIn humorous with the following lines “Step 1…

Post Categories: BAI Announcements, Risk Management Framework, RMF Training

July 18, 2022

Dear Dr. RMF – Death by POAM

“Death by POAM” writes: I just started a new job and I am a bit surprised at what I am seeing with the POA&Ms for the various systems in my new agency. At my previous place of employment we carefully maintained POA&Ms for several systems. In all cases, each line…

Post Categories: Dr. RMF, Risk Management Framework

July 18, 2022

NIST to Update the CSF Based on Responses from Industry and More!

By Kathryn Daily, CISSP, CAP, RDRP

Back in February, NIST issued a public Request for Information (RFI) to identify how the Cyber Security Framework was being used and also for recommendations on improving the effectiveness of the Framework and its alignment with other cyber security resources. “Every Organization needs to…

Post Categories: NIST Privacy Framework, Risk Management Framework

July 18, 2022

Dear Dr. RMF – Let’s Get Physical

“Let’s Get Physical” asks: Control Enhancement AT-3(2) states “The organization provides … training in the employment and operation of physical security controls”. Our system is hosted in the cloud (by a commercial cloud service provider) and therefore we have no physical security controls within our system boundary. At first we…

Post Categories: Dr. RMF, Risk Management Framework

April 4, 2022

Observations from AFCEA West 2022 and Rocky Mountain Cyberspace Symposium 2022

By Philip D. Schall, Ph.D., CISSP, RDRP

As spring arrives, I thought it would be beneficial to share the rumblings and conversations I heard/had at AFCEA West 2022 and Rocky Mountain Cyberspace Symposium 2022 regarding my favorite topic, Risk Management Framework (RMF). Before I dive into my RMF conference debrief,…

Post Categories: Risk Management Framework

April 4, 2022

RMF for DoD IT — What Changes Might Lie Ahead?

By Lon J. Berman, CISSP, RDRP

Sometimes I wish I had a crystal ball I could peer into to see what is in store for the future. And nowhere do I wish for this more fervently than in the area of cybersecurity and RMF. It would be lovely to know…

Post Categories: emass, Risk Management Framework

January 18, 2022

The Pedagogy of RMF Training

“By far one of the best courses I have taken in a long time. I just finished up a 10-week graduate course on RMF, and I learned more in this 4-day class from Linda than I did the entire 10 weeks, best money I have ever spent!!” – BAI RMF…

Post Categories: Risk Management Framework, RMF Training

October 8, 2021

STIGs and the Security Control Baseline

By Lon J. Berman, CISSP, RDRP

So, you’ve got your System Categorization completed and you’ve included any applicable overlays. You’ve reviewed all the resulting security controls to see if any of them should be marked Not Applicable, and, for those, you’ve written a justification. You’ve even gone through the security…

Post Categories: emass, Risk Management Framework

July 13, 2021

Army streamlines RMF… or weakens it?

By Lon J. Berman, CISSP, RDRP

Anyone who has endured the “adventure” of going through the full RMF life cycle can attest to the daunting amount of work and attention to detail required to be successful. Some even question whether or not all this effort is really making our…

Post Categories: Federal Government, Risk Management Framework

© 2023 BAI Information Security Consulting & Training | Privacy Policy