“Just want to be informed” writes:
As a consultant, I try very hard to keep up with all the RMF publications so I can best serve my clients. On the NIST website I found a mailing list you can subscribe to. I signed up and now I receive regular e-mails from NIST when any of their publications are updated. They also send me notifications when draft publications are available for review, and I even get the opportunity to send in comments. I’ve been looking for a similar service from DoD but I’ve had no luck finding anything. So, Dr. RMF, do you know of any way I can receive notification of new or updated DoD publications?
Dr. RMF Responds:
I agree the NIST mailing list is wonderful, but, to the best of my knowledge, there is nothing like that available from DoD. DoD tends to work on new and updated RMF publications “in private” so to speak, and then just “throws them over the wall” when they are done. Drafts are rarely made available for review.
That said, there are some things you can do to stay informed. Dr. RMF recommends you monitor the Recent Publications page on the DoD Issuances website (https://esd.whs.mil/Directives/Recent-Publications). Also, make sure you visit the RMF Knowledge Service (https://rmfks.osd.mil) regularly.
By the way, one notable exception within DoD is DISA, where you can subscribe to a mailing list for notifications regarding their Security Technical Implementation Guides (STIGs).
Do you have an RMF dilemma that you could use advice on how to handle? If so, Ask Dr. RMF! BAI’s Dr. RMF consists of BAI’s senior RMF consultants who have decades of RMF experience as well as peer-reviewed published RMF research.
Want to see more of Dr. RMF? Watch our Dr. RMF video collection at https://www.youtube.com/c/BAIInformationSecurity
Dr. RMF submissions can be made at https://rmf.org/dr-rmf/