BAI Introduces: STIG 101 Training

By Lon J. Berman, CISSP, RDRP NIST 800-53, and specifically Security Control CM-6, requires an organization to Establish and document configuration settings for information technology products employed within the information system using [Assignment: organizationdefined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; Implement the configuration…

Continue Reading

Post Categories: Registered DoD RMF Practitioner (RDRP)Risk Management FrameworkRMF Training Tags:  RMF RMF Training

RMF and the Defense Security Service (DSS)

By Lon J. Berman, CISSP, RDRP The Defense Security Service (DSS) serves as an interface between the government and cleared industry. DSS administers and implements the National Industrial Security Program (NISP) by providing oversight and assistance to cleared contractor facilities to ensure the protection of classified information. In short, if…

Continue Reading

Post Categories: Registered DoD RMF Practitioner (RDRP)Risk Management FrameworkRMF Training Tags:  RMF RMF Training

Security Control Spotlight— Inheritance from a FedRAMP Approved CSP

Security Control Spotlight— Inheritance from a FedRAMP Approved CSP By Kathryn M. Daily, CISSP, RDRP In a previous issue, security control inheritance from an external system hosted at a departmental or agency data center was discussed.  In this article, we are going to discuss inheritance from a FedRAMP Approved Cloud Service…

Continue Reading

Post Categories: Risk Management Framework Tags:  EMASS RMF

Security Control Spotlight— “Naming” of Controls, Enhancements and CCIs

Security Control Spotlight— “Naming” of Controls, Enhancements and CCIs By Kathryn M. Daily, CISSP After assisting numerous customers with their RMF efforts, we have seen several instances of confusion arise concerning the “naming” or “numbering” of Security Controls, Control Enhancements, and Control Correlation Identifiers (CCIs). We hope this short tutorial will…

Continue Reading

Post Categories: Risk Management Framework Tags:  CCIS CONTROLS ENHANCEMENTS RMF