By Kathryn Daily, CISSP, CAP, RDRP Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some HR data and pharma-cy records. The breach was caused by a vulnerability in the Accellion file-sharing system which the grocery chain immediately stopped using. As…
By Lon J. Berman, CISSP, RDRP More than ten years ago, RMF came into existence with the intention of becoming the “unified information security framework for the federal government”. With widespread adoption of RMF throughout most federal civil agencies, DoD components and intelligence community agencies, it is safe to say…
Why Free Online Training Isn’t Enough By Philip D. Schall, Ph.D., CISSP, RDRP At BAI RMF Resource Center, we often have conversations with our students on the topic of taking formal classroom RMF training. In the mod-ern digital landscape, we are able to learn about and complete projects we never…
By Lon J. Berman, CISSP, RDRP Q. The Risk Management Framework (RMF) life cycle is comprised of how many steps? A. Oh, that’s easy, it’s six. Well … not so fast. As you probably know, the Risk Management Framework (RMF) has always been described as a six step process, to…
By Ernest Smith, CISSP, PMP Requirement (simplified): Do you have contracts and or service level agreements with the owners of any system outside of your authorization boundary that are processing, storing, and transmitting your information? Breakdown: What is an “external information system”? Employee personally owned devices (I said it!) Systems…
By Lon J. Berman, CISSP, RDRP This month we will be celebrating our oldest grandson’s tenth birthday. It suddenly made me realize that with everything that’s been going on in 2020, it appears we missed another significant birthday this year – February marked the tenth birthday of the Risk Management…
By Lon J. Berman, CISSSP, RDRP 2020 has been a turbulent year, to say the least. When it comes to operating and maintaining our information systems, a lot of the “usual routine” has been disrupted in the name of health and safety. In spite of all this turmoil, the need…
In an effort to strengthen the trustworthiness and resilience of the information systems, component products and services that the federal government depends on in every critical infrastructure sector and which support the economic and national security interests of the United states, NIST has released an up-dated version of the NIST…
By Lon J. Berman, CISSP, RDRP Organizations performing classified work for DoD (aka. Cleared Contractor Facilities) are governed by the National Industrial Security Program (NISP). NISP is administered by the Defense Counterintelligence and Security Agency (DCSA), formerly known as the Defense Security Service (DSS). In general, companies covered by NISP…
By Philip D. Schal, Ph.D., CISSP, RDRP What is Project Sentinel? The United States Army recently announced that it is launching a new initiative called Project Sentinel. Project Sentinel is described as an adaption of the traditional RMF process with goals of streamlining RMF into a threat informed risk decision…
