IT Blog

  • MAC Address Randomization

    Learning More About Apple iOS9 MAC Address Randomization

    Apple uses a variety of scans for wireless LAN/physical location information. There are Preferred Network Offload (PNO) Scans, Enhanced Preferred Network Offload (ePNO) Scans, Location Scans and Auto Join Scans. Each of these scans, while mostly identical in frame format, is used at different times and for different reasons by the device. In order to […]

  • Security+ CEU

    Security+ CEU Question and Answer

    I recently had a client who had a Security+ certification that was about to expire and he asked me a question that I wanted to share with our readers. If my Security+ certification is about to expire, can I just sit in another Security+ course and earn the CEUs that I need in order to […]

  • STIGS and Controls

    Security Control Spotlight—STIGs and Controls

    By Kathryn M. Farrish, CISSP at BAI Inc. One of the primary goals of the RMF life cycle is for a system to achieve and maintain compliance with a baseline of Security Controls in accordance with NIST SP 800-53 and CNSSI 1253. Security controls provide specific safeguards in numerous subject areas (aka. “families”), including access […]

  • scbaseline_small

    Building A Security Control Baseline “Step-by-Step”

    Article By Lon J. Berman, CISSP In the last issue of RMF Today and Tomorrow, we walked through the System Categorization process step-by-step. Now that we’ve categorized our system, let’s take a look at the steps for creating a Security Control Baseline. Step 1: Create Initial Control Set Your System Categorization defines the initial set of […]

  • top10small

    Top Ten—Questions for your Authorizing Official

    By Annette Leonard The importance of the Authorizing Official (AO) in the RMF process is self-evident. As the individual charged with signing your Authorization to Operate (ATO), the AO is obviously a key player. Ideally, the AO’s role is not limited to that final signature—he/she should be an active participant in the process from […]

  • emass_small

    System Scans in eMASS … Think Before You Upload!

    By Kathryn M. Farrish, CISSP eMASS, short for Enterprise Mission Assurance Support Service, is a comprehensive tool provided by DoD for managing the RMF life cycle. Among its well-known features and capabilities are generating security control baselines, managing RMF workflow, maintaining a repository of documentation artifacts, accepting system owner provided “self assessment” of security control […]

  • dangersmall

    The Danger of Transparent Encryption

    With all the renewed furor over the government attempting to force Apple to backdoor iOS devices so the FBI can inspect the phone of the San Bernardino terrorists, I found myself with a usual set of emotions. I have always been an advocate of limited government involvement in the lives of private citizens (i.e. approaching […]

  • gtr

    Guaranteed to Run IT Courses of the Week!

    We’ve put together a short list of some of the many Guaranteed to Run courses that we have running across the country in the next few months. If there is something that you are looking for that you do not see on this list, please let us know. Avaya Aura® Communication Manager Administration (5U00051) Feb […]

  • altruism_small

    The Altruism of IPv6

    Disclosure:  I am one of the world’s biggest fans of, and greatest advocates for, IPv6.  In the words of rapper 50 Cent, “I love it like a fat kid loves cake.”  Anyone I have ever been able to corner in a room knows this to be true.  That being said… I just finished reading [yet […]

  • Glitter Glue Pine Cone

    You Geek? I Geek.

    When is the last time you sat down at your desk and really went full-geek on something just because you found it fascinating? No, not because you needed to know it for work or because you wanted to build up your skill set for some future position; I’m talking about full-on burial in a topic […]

  • password entropy

    A Somewhat Brief Explanation of Password Entropy

    Before we start, please be sure to download ITdojo’s password entropy worksheet (MS Excel, OS X Numbers, LibreOffice Calc compatible).  It’s a nice companion to this post and a useful tool later down the road.  Password Entropy Calculator It’s mandated by policy.  It’s a best practice for sure.  And it’s nothing new to virtually all […]

  • RMF training in Norfolk

    RMF for DoD IT Course in Virginia Beach February 16

    There has been a lot of interest in our upcoming RMF for DoD IT Training course that is running February 16 – 18, 2016 in Virginia Beach, VA. If you are about to start or are in the middle of your transition from DIACAP to RMF, this is the course for you.  Our RMF experts deliver […]