Skip to main content

BAI Introduces: STIG 101 Training

By Lon J. Berman, CISSP, RDRP NIST 800-53, and specifically Security Control CM-6, requires an organization to Establish and document configuration settings for information technology products employed within the information system using [Assignment: organizationdefined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; Implement the configuration…

Continue Reading

Post Categories: Registered DoD RMF Practitioner (RDRP)Risk Management FrameworkRMF Training Tags:  RMF RMF Training

RMF and the Defense Security Service (DSS)

By Lon J. Berman, CISSP, RDRP The Defense Security Service (DSS) serves as an interface between the government and cleared industry. DSS administers and implements the National Industrial Security Program (NISP) by providing oversight and assistance to cleared contractor facilities to ensure the protection of classified information. In short, if…

Continue Reading

Post Categories: Registered DoD RMF Practitioner (RDRP)Risk Management FrameworkRMF Training Tags:  RMF RMF Training

Security Control Spotlight— Inheritance from a FedRAMP Approved CSP

Security Control Spotlight— Inheritance from a FedRAMP Approved CSP By Kathryn M. Daily, CISSP, RDRP In a previous issue, security control inheritance from an external system hosted at a departmental or agency data center was discussed.  In this article, we are going to discuss inheritance from a FedRAMP Approved Cloud Service…

Continue Reading

Post Categories: Risk Management Framework Tags:  EMASS RMF

Cybersecurity Framework (CSF) as it relates to Risk Management Framework (RMF)

Cybersecurity Framework (CSF) as it relates to Risk Management Framework (RMF) By P. Devon Schall, CISSP, RDRP I recently attended the Cybersecurity Framework (CSF) Workshop from May 16-17 at NIST in Gaithersburg, Maryland. The workshop proved to be informative in relation to how government and industry are implementing the guidance issued…

Continue Reading

Post Categories: Risk Management Framework Tags: