Security Control Spotlight— Inheritance from a FedRAMP Approved CSP

Risk Management Framework, RMF TrainingBy Nick WebbJuly 13, 2017

This article was written by Kathryn M. Daily, CISSP, RDRP of BAI Information Security. In a previous article, security control inheritance from an external system hosted at a departmental or agency data center was discussed. In this article, we are going to discuss inheritance from a FedRAMP Approved Cloud Service Provider (CSP) such as Amazon…

Continuous Monitoring Today—And Tomorrow

Risk Management Framework, RMF TrainingBy Nick WebbJuly 13, 2017

This article was written by Lon Berman, CISSP, RDRP of BAI Information Security Step 6 of the Risk Management Framework (RMF) is entitled “Monitor Security Controls”. Many security professionals would argue it is the most important step, since monitoring is what transforms RMF from yet another “point in time” evaluation to a true life cycle…