By Amanda Lowell, Security+CE, RDRP Folks frequently reach out to BAI to ask, “Which security controls are required for X kind of DoD system?” It’s a valid question that can also be indicative of a common misconception. The short answer is, you will have certain control overlays for your information…
By Kathryn Daily, CISSP, CGRC, RDRP I know it’s a catchy headline, but it’s the wrong question to ask. NIST RMF and CSF are two totally different animals with a different purpose. NIST RMF is primarily focused on managing overall organizational risk, providing a structured approach…
By: Philip D. Schall, Ph.D., CISSP As many of you recall from an article written by Kathryn Daily in our January 2023 edition of RMF Today and Tomorrow titled CAP Becomes CGRC What Does this Mean? beginning February 15, 2023, ISC2 renamed the Certified Authorization Professional (CAP) certification to CGRC…
As of 4:30 eastern time, I was able to login to RMF Knowledge Service. Hopefully it’s back for good.
Are you going to Technet Augusta? So are we! (Did we just become best friends? 👫) Come see us at booth 216. We will have informational handouts, RMF hot sauce, and maybe a funny joke. 🥳
A reader who calls herself “Thirsting for Knowledge” asks: Dear Dr. RMF, Recently I’ve seen a few RMF-related articles online that referred to something called the “knowledge service”. Can you tell me what exactly this service is and if you think it would help me develop my RMF skills. Is…
A reader who calls himself “Dis-appointed?” asks: Dear Dr. RMF, Are appointment letters required to obtain an eMASS account for the roles of ISSO, ISSM, and SCA? Also, are appointment letters required for executing the roles of ISSO, ISSM and SCA (outside of obtaining eMASS accounts)? Dr. RMF Responds: Dear…
A reader who calls herself “Cleanup Mode” writes: Dear Dr. RMF, I have recently taken over responsibility for a couple of systems and the RMF packages are a mess! I’m trying to make some sense out of how they handled the STIGs and it just makes no sense to me….
