By Kathryn M. Farrish, CISSP BAI Consulting Under RMF, NIST SP 800-53 is the primary source for security controls. If we compare these controls to the DoDI 8500.2 IA controls used in DIACAP, several obvious differences can be seen. Most notable among these differences is the fact that many of the NIST controls are not…
By Lon J. Berman, CISSP BAI Consulting Now that DoD has “officially” begun its adoption of “RMF for DoD IT”, let’s take a look at some of the things your organization can do to ensure a smooth transition. 10. Publications. Organizations should ensure they are using the latest copies of relevant publications. This includes not…
By Lon J. Berman, CISSP BAI Consulting With the publication of revised DoD Instruction 8510.01, adoption of the Risk Management Framework (RMF) by DoD is now official. DoD programs big and small have gotten busy planning their strategies for transitioning from DIACAP to “RMF for DoD IT”. Let’s take a look at some of the…
As Internet connectivity goes, I live pretty far out out of town. So far, in fact, that decent high-data rate Internet solutions are completely unavailable to me. Internet access at home comes exclusively from an expensive data plan using a mobile hotspot. My hotspot device and my phone share a 40GB/month data plan that I…
We just wanted to share this great message we just got from a client that sat in our CISSP training a few months ago! I would like to thank both of you. I have now taken Security+ and the CISSP classes from you and will highly recommend your site to anyone that seeks improvement in…