BAI Announces Dr. P. Devon Schall (Dr. RMF)

19 December 2018

Fairlawn, VA. —  BAI Information Security is pleased to announce Dr. P. Devon Schall has completed doctoral studies with a dissertation topic titled Examining the Relationship between Formal RMF Training and Perceptions of RMF Effectiveness, Sustainability, and Commitment in RMF Practitioners. BAI is excited to contribute to academic research being conducted on RMF. Currently, Dr. Schall has observed a large gap in peer-reviewed RMF research, and he hopes to fill this gap as he is committed to improving the real-world application of RMF with the goal of mitigating the idea that RMF is failing.

A summary of Dr. Schall’s research is below and the complete study can be found at

Examining the Relationship between Formal RMF Training and Perceptions of RMF Effectiveness, Sustainability, and Commitment in RMF Practitioners

Quantitative data on the perceived confidence, compliance commitment, and sustainability ratings for RMF were collected and used in this research. Survey research was implemented, and data were collected through a questionnaire. The intended participants in the study were those who work in the U.S. Government or serve as U.S. Government contractors with requirements of cybersecurity compliance in their job roles. The survey questionnaire was provided to the members of the LinkedIn group titled Risk Management Framework (RMF) Resource Center via a survey link posted in the group as well as a private message sent to each member of the group with an explanatory invitation. This group consists of 1779 members and was established to provide its members with the opportunity to connect in understanding RMF. The survey was presented to all group members without any prior research or bias regarding their previous RMF training received or years of experience. The data were analyzed utilizing statistical methods of descriptive statistics, analysis of variance (ANOVA) and Pearson’s Correlations.

Based on the results of this study, a significant, positive relationship exists between the receipt of formalized RMF training and perceptions of RMF effectiveness. Statistical significance can be seen in ANOVA tests where there was a significant difference in the mean effective Perceived Competency Scales (PCS) Scores among those with varied levels of formal RMF training (MS = 5.388), (F [2,78] = 3.645, p < .05). Pearson’s Correlation also indicated that there was a significant positive association with the Effective PCS Score and the Amount of Training Received Category, (r = .253, n = 81, p = .023).

BAI Announces RMF Supplemental Classes

17 January 2018

Fairlawn, VA. — BAI Information Security is pleased to announce the launch of new one-day RMF Supplemental classes. These classes are designed to complement BAI’s flagship four-day Risk Management Framework (RMF) training program. BAI’s goal is to continue to deliver relevant and effective RMF training solutions that will save time and money in implementation of the RMF life cycle.

BAI offers these one-day RMF Supplemental classes on a monthly basis in an online, instructor-led format. The complete schedule of classes can be found at Additionally, organizations who contract with BAI to provide the four-day RMF training program “on site” can opt to add one of these supplemental classes as a fifth training day.

See below for a brief synopsis of BAI’s RMF Supplemental course offerings:

Continuous Monitoring Overview. The program seeks to equip learners with knowledge of the theory and policy background underlying continuous monitoring as well as the practical knowledge needed for effective implementation. The program focuses on Information Security Continuous Monitoring (ISCM), which is one of the cornerstones of RMF.

eMASS eSSENTIALS. The Enterprise Mission Assurance Support Service, or eMASS, is a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services for comprehensive, fully-integrated cyber security management, including controls scorecard measurement, dashboard reporting, and the generation of Risk Management Framework (RMF) package reports. The majority of DoD components have “standardized” on eMASS as the data repository for RMF Assessment and Authorization. eMASS eSSENTIALS provides “how to” guidance for the most commonly-used eMASS functions.

RMF in the Cloud. RMF in the Cloud training is designed to answer foundational questions about RMF and cloud migration as well as offering BAI’s real world experience in cloud migration as a provider of RMF consulting services. RMF in the Cloud is a vendor neutral course utilizing our first-hand consulting experience. Some RMF in the Cloud topics include Cloud Preparation, FedRAMP, Cloud Inheritance, Common Pitfalls, Cloud Tools, and eMASS and the Cloud.

CAP Exam Preparation. Backed by (ISC)2, CAP credentialing aligns with the Risk Management Framework (RMF). The CAP recognizes knowledge, skills and abilities to authorize and maintain information systems within RMF. It demonstrates the ability to formalize processes to assess risk and establish security documentation. BAI’s four-day RMF training program covers the five domains of the CAP Common Body of Knowledge (CBK) – this one-day CAP Exam Prep class focuses on readiness for the credentialing exam itself, including testing guidance, practice questions, etc.

BAI Announces New Website (RDRP)

16 January 2018

Fairlawn, VA. — Fairlawn, VA. —BAI Information Security is pleased to announce the launch of their newly revamped “Risk Management Framework (RMF) Resource Center” website. The newly designed website offers quick and easy access to essential RMF information as well as a comprehensive description of BAI’s RMF services.

The new website has a clean and uncluttered design, improved mobile functionality and enhanced rich content focused on the company’s mission to provide industry leading RMF training and consulting services. The new website goes live today, January 16, 2018 and is located at the same URL address:

BAI is excited about their new website launch and the robust information it provides for customers. “We believe this new website will allow our visitors a streamlined experience in finding critical RMF information,” said Lon J. Berman, BAI’s Principal Consultant.

BAI’s new website will be updated on a regular basis with RMF news and new course information. Visitors are encouraged to explore the website and sign up for BAI’s newsletter located at

BAI Announces Registered DoD RMF Practitioner (RDRP)

Fairlawn, VA. — BAI Information Security is pleased to announce the launch of a new program called Registered DoD RMF Practitioner (RDRP) – a network of security professionals specializing in supporting the Risk Management Framework (RMF) in Department of Defense (DoD) programs. The requirements to join RDRP are very straightforward:

  • Step 1: Attend 4 days or more of RMF for DoD IT training.
  • Step 2: Complete the 50 question “RMF for DoD IT Competency Test” with a passing score of 70%.
  • Step 3: Remit the initial credentialing fee (No cost if you’ve completed BAI’s RMF 4-day training program within the past 12 months

BAI’s students who have completed 4-days or more of RMF DoD IT training may go to to begin the registration process.

BAI Announces eMASS Training Program

Fairlawn, VA. — BAI Information Security is now offering a training program focused on eMASS, the Department of Defense (DoD) Enterprise Mission Assurance Support Service. “The majority of DoD agencies have now “standardized” on eMASS as the online data repository and management system for their Risk Management Framework (RMF) efforts,” said BAI Principal Consultant Lon Berman. “We felt it was time to add eMASS training to complement our RMF training program.”

Training Opportunities are Expanding

Fairlawn, VA. — BAI Information Security recently announced significant expansions of training programs. Here are some of the highlights:

  • New classroom location— we will now be offering training in the San Diego, CA area as well as the Orlando, FL area, with RMF for DoD IT classes beginning in June, 2017.
  • Friday Supplemental classes — We will be introducing a series of one-day classes. Options include: eMASS Workshop, Continuous Monitoring Overview, Certified Authorization Professional (CAP) exam preparation
  • Certified Cloud Security Professional (CCSP) — BAI will be launching a five-day training program that will provide guidance in securing systems and applications in the cloud environment, as well as preparing students to take the CCSP certification exam given by ISC2 ( Training will begin with an online class in April.

BAI Information Security Offers Risk Management Framework Training at Dynetics Training Facilities

Fairlawn, VA. — BAI Information Security recently announced its Risk Management Framework (RMF) for DoD IT training will be offered at Dynetics Training Facilities in Huntsville, AL and Arlington, VA. BAI is a leading provider of RMF training and consulting for DoD and Federal agencies, their contractors and vendors throughout the United States and internationally. Dynetics is a leading provider of products and services for the defense, intelligence, aerospace, automotive, IT/cybersecurity and physical security sectors.

BAI Information Security Announces Curriculum Enhancement of “Risk Management Framework (RMF) for DoD IT” Training Program 

Fairlawn, VA – March 6, 2015 – BAI Information Security today announced a substantial enhancement to the Risk Management Framework (RMF) for DoD IT training program curriculum. The revised training program, dubbed “Version 3.0,” significantly ramps up the emphasis on building skills that DoD employees and contractors will need as their programs make the transition from DIACAP to RMF.

BAI Information Security Introduces Risk Management Framework (RMF) for DoD IT Training Program 

March 31, 2014 – BAI Information Security today announced the latest update to its cybersecurity risk management training portfolio. The Risk Management Framework for DoD IT training program covers the newly-unveiled DoD risk management methodology and the process of transition from the legacy DIACAP process.

BAI Information Security To Speak At DoD/VA mHealth Conference in Arlington, VA 

Nov. 13, 2013 – BAI Information Security has announced that Lon Berman, principal consultant and DIACAP, FISMA, RMF expert will speak at the upcoming DoD/VA mHealth (Mobile Health Summit) on November 18 at the Waterview Conference Center in Arlington, VA.

BAI Information Security Announces Educational Seminars on RMF for DoD 

August 12, 2013 – BAI Information Security announced today that it will deliver a new series of educational seminars focused on the transition from DIACAP to the Risk Management Framework (RMF). The educational seminars will be designed for management level and information assurance / technology professionals of all rank, both DoD employees and contractors, who need to become familiar with RMF and the imminent transition from DIACAP.

BAI Information Security Introduces “Personal Classroom” Training 

February 13, 2013 – Today, many conversations among DoD agencies and contracting companies are occurring, relative to what is happening with current budgetary constraints and how it will affect needed training for the Risk Management Framework (RMF) targeted to go into effect mid-year…