By Amanda Lowell, Security+CE, RDRP
Folks frequently reach out to BAI to ask, “Which security controls are required for X kind of DoD system?” It’s a valid question that can also be indicative of a common misconception. The short answer is, you will have certain control overlays for your information…
By Kathryn Daily, CISSP, CGRC, RDRP
I know it’s a catchy headline, but it’s the wrong question to ask. NIST RMF and CSF are two totally different animals with different purposes. NIST RMF is primarily focused on managing overall organizational risk, providing a structured approach…
By: Philip D. Schall, Ph.D., CISSP
As many of you recall from an article written by Kathryn Daily in our January 2023 edition of RMF Today and Tomorrow titled “CAP Becomes CGRC What Does this Mean?”, beginning February 15, 2023, ISC2 renamed the Certified Authorization Professional (CAP) certification to CGRC…
As of 4:30 Eastern time, I was able to log in to RMF Knowledge Service. Hopefully it’s back for good.
Are you going to TechNet Augusta? So are we! (Did we just become best friends? 👫) Come see us at booth 216. We will have informational handouts, RMF hot sauce, and maybe a funny joke. 🥳
A reader who calls herself “Thirsting for Knowledge” asks: Dear Dr. RMF, Recently I’ve seen a few RMF-related articles online that referred to something called the “knowledge service”. Can you tell me what exactly this service is and if you think it would help me develop my RMF skills. Is…
A reader who calls himself “Dis-appointed?” asks: Dear Dr. RMF, Are appointment letters required to obtain an eMASS account for the roles of ISSO, ISSM, and SCA? Also, are appointment letters required for executing the roles of ISSO, ISSM and SCA (outside of obtaining eMASS accounts)? Dr. RMF Responds: Dear…