Security Control Spotlight—Training

Risk Management Framework, RMF TrainingBy Nick WebbJanuary 30, 2017

By Kathryn M. Daily, CISSP  BAI Information Security In this issue we will shine the spotlight on the Awareness and Training (AT) family of security controls. We’ll show you how the controls dictate the types and frequencies of training that organizations must provide. You’ll also learn about the extent to which existing DoD publications provide…

Top Ten—Documentation Recommendations

Risk Management Framework, RMF TrainingBy Nick WebbJanuary 30, 2017

By Lon J. Berman, CISSP  BAI Information Security Supporting documentation (aka. artifacts) is key to providing evidence of compliance with security controls. Previously in this Newsletter we have spent some time describing the three fundamental classes of RMF documentation, to wit: Policy. Policy documents describe what the organization does to provide for confidentiality, integrity and…