By Lon J. Berman, CISSP BAI Consulting With the publication of revised DoD Instruction 8510.01, adoption of the Risk Management Framework (RMF) by DoD is now official. DoD programs big and small have gotten busy planning their strategies for transitioning from DIACAP to “RMF for DoD IT”. Let’s take a look at some of the…
As Internet connectivity goes, I live pretty far out out of town. So far, in fact, that decent high-data rate Internet solutions are completely unavailable to me. Internet access at home comes exclusively from an expensive data plan using a mobile hotspot. My hotspot device and my phone share a 40GB/month data plan that I…
We just wanted to share this great message we just got from a client that sat in our CISSP training a few months ago! I would like to thank both of you. I have now taken Security+ and the CISSP classes from you and will highly recommend your site to anyone that seeks improvement in…
We are getting excited about our upcoming Offensive Wifi and Mitigation Techniques class. Gear has started to arrive! Check out these Mark V Pineapples that showed up today! This class will be using these and other tools to demonstrate wifi attacks and how to prevent against them. If you would like more information, please give…
IT Dojo offers a comprehensive course on the transition from DIACAP to RMF. Please take a look at our RMF training courses here. Here is a link to a great book on RMF that we highly recommend. A ton of other information can be found on the NIST web site.
A deadline for federal agencies to adhere to the government’s baseline cloud security standards and changes to the standards themselves are coming up very soon. The deadline for agencies to have their existing cloud computing solutions assessed against the Federal Risk and Authorization Management Program, or FedRAMP is June 5, 2014 Read more about this…
By Lon J. Berman, CISSP BAI Consulting The wait is over! RIP DIACAP!! At long last, DoD has announced the start of transition from the legacy DIACAP Certification and Accreditation (C&A) Program to the Risk Management Framework (RMF). This transition is part of a broader effort to bring all Executive Branch departments and agencies ……
By Lon J. Berman, CISSP BAI Consulting As DoD begins its transition from DIACAP to Risk Management Framework for DoD IT, everyone is naturally focused on all the things that will be changing—everything from terminology to documentation to security controls. Thankfully, not everything is changing! We thought it would be interesting to take a look…
For your convenience, ITdojo has assembled the following collection of RMF-related government publications. Please note these are UNCLASSIFIED documents with no restrictions on usage or distribution. Laws and Executive Branch Policies Federal Information Security Management Act (FISMA) OMB Circular A-130 Appendix III (Security of Federal Information Systems) Federal Information Processing Standard (FIPS) Publications FIPS 199…