Welcome, Step 0

By Lon J. Berman, CISSP, RDRP Q. The Risk Management Framework (RMF) life cycle is comprised of how many steps? A. Oh, that’s easy, it’s six. Well … not so fast. As you probably know, the Risk Management Framework (RMF) has always been described as a six step process, to wit: 1-Categorize, 2- Select, 3-Implement,…

NIST Rev. 5 Supplemental Materials

By Kathryn Daily, CISSP, CAP, RDRP Back in September of last year (2020), NIST finally published the final version of Special Publication 800-53 Revision 5. Most notably, this revision incorporated privacy considerations in the security controls themselves rather than having separate control families for the privacy controls (e.g., AR, AP, IP, etc.). This is a…

DFARS Compliance with CMMC/NIST SP 800-171

By Marilyn Fritz, CISSP, CISA, ITIL, PMP The new DFARS Interim Rule that went into effect November 30, 2020 is a game changer for any entities that have or are pursuing Defense Industrial Base (DIB) contracts or subcontracts. Prior to the new Interim Rule, contractors and sub-contractors could self-attest that they met DoD cybersecurity requirements…

CMMC Is Here!

By Kathryn Daily, CISSP, CAP, RDRP So, in the last edition of the newsletter I wrote about the need for verification of NIST 171 compliance from DoD contractors, suppliers and vendors who process controlled unclassified information (CUI). Well, the DoD sure delivered on that request. A mere days after the last article was published, DoD…

Cybersecurity Framework – Is it relevant to Federal/DoD organizations?

By Lon J. Berman, CISSP, RDRP Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), along come our friends at the National Institute of Standards and Technology (NIST) throwing another framework our way! The Cybersecurity Framework (CSF) has actually been in development since…

The Expanding Role of eMASS

By Lon J Berman, CISSP, RDRP The Enterprise Mission Assurance Support Service (eMASS) is a DoD system that serves as an information repository and workflow manager for the Risk Management Framework (RMF) process. The history of eMASS can be traced back to a project called Digital DITSCAP at the Defense Logistics Agency (DLA) in the…