By Lon J. Berman CISSP, RDRP Thanks to the work of the Joint Task Force, RMF is now the official information security life cycle process across all three “segments” of the Executive Branch, i.e., DoD, federal civil agencies, and the intelligence community. It’s now been 4 ½ years since DoD officially “adopted” RMF (DoDI 8510.01, […]
Interesting press release just put out stating that NIST is updating the RMF to incorporate privacy considerations. Full release can be found here.
By P. Devon Schall, CISSP, RDRP With the addition of Step 0 to the RMF life cycle, we decided to make this month’s top ten list based on preparation. Preparation is often one of the most overlooked aspects of RMF. The road to an ATO is often paved with unexpected setbacks, these setbacks can be […]
Article Written By P. Devon Schall, CISSP, of BAI Information Security. I recently attended the Cybersecurity Framework (CSF) Workshop on May 16-17 at NIST in Gaithersburg, Maryland. The workshop proved to be informative in relation to how government and industry are implementing the guidance issued by President Obama in Executive Order 13636 outlining the responsibilities […]
Duration: 1 Day Course Overview: The Enterprise Mission Assurance Support Service, or eMASS, is a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services for comprehensive, fully-integrated cybersecurity management, including controls scorecard measurement, dashboard reporting, and the generation of Risk Management Framework (RMF) package reports. The majority of DoD components have “standardized” […]
Article by Annette Leonard The Defense Information Systems Agency (DISA) is responsible for developing security guidance for configuring DoD information systems. An extensive collection of Security Technical Implementation Guides (STIGs) is published at http:// iase.disa.mil/stigs/Pages/index.aspx. STIGs contain detailed configuration guidance (settings) for commonly-used software products and other system components. Most of these documents are updated […]