Top Ten—What’s “new” in RMF for DoD IT?

By Lon J. Berman, CISSP BAI Consulting Now that DoD has “officially” begun its adoption of RMF, let’s take a look at some of the things that are “new”! 10. Cybersecurity. The word “Cybersecurity” has been part of the government IT security discussion for several years, going back to a Presidential Directive in 2008. DoD has now adopted the term Cybersecurity in…

Continuous Monitoring—It’s Not (Just) About The Tools

by Annette Leonard BAI Consulting Continuous Monitoring has long been recognized as a critical element in maintaining a strong security posture for any IT system.  In spite of this, the risk management processes used in most federal agencies have traditionally been centered around mountains of paperwork, along with “point-in-time” assessments and approvals.  With the ascension…

DoD Transition to RMF Imminent—Will You Be Ready?

By Lon J. Berman, CISSP For quite some time, it’s been well known that DoD would be making a transition from the legacy DIACAP Certification and Accreditation (C&A) Program to the Risk Management Framework (RMF). This transition is part of a broader effort to bring all Executive Branch departments and agencies … including DoD, the intelligence community and all “civil” departments/agencies … into a…

Is Your Post 2011 Security+ Cert About to Expire? Get CE Credits Now!

As many of you know, if you received your Security+ certification after 2011, you are not eligible for lifetime Security+ status. Before that you were grandfathered in, but if your is after 2011 you are out of luck. No every 3 years you must renew your certification by either retaking the exam, or by completing…

Chief Information Officers Council – Roadmap Toward IPv6 Adoption for the Federal Government

Just last week (July 12, 2012), the Chief Information Officers Council released this updated version of the Roadmap Toward IPv6 Adoption for the Federal Government to help with the upcoming deadlines for September of 2012 and September 2014. It highlights the history as well as the government’s vision for IPv6. To read the original article…

Security Through Obscurity

The effectiveness of Security through Obscurity is closely related to the knowledge (or lack thereof) of the attacker. If someone is unaware of how a particular technology works, the data is obscured by the nature of the technology. Once some understanding is had by your adversary, however, the security vanishes. Some examples are: 1. Not…