IT Blog

  • Ask Dr. RMF

    By P. Devon Schall Ph.D., RDRP Do you have an RMF dilemma that you could use advice on how to handle? If so, Ask Dr. RMF! BAI’s Dr. RMF is a Ph.D. researcher with a primary research focus of RMF. Dear Doctor RMF, We just received our report from Alex, our independent assessor team lead, and […]

  • A Quantitative Study on the Receipt of Formalized RMF Training and Perceptions of RMF Effectiveness, Sustainability, and Commitment in RMF Practitioners.

    By P. Devon Schall, Ph.D., CISSP, RDRP Over the past year, I have conducted research on the relationship between the receipt of formalized RMF training and perceptions of RMF effectiveness, sustainability, and commitment in RMF practitioners. I am very pleased to announce that I have completed the study and have some interesting results to report. This […]

  • NIST 800-37 Rev 2: It’s Official!

    By Kathryn Daily, CISSP, RDRP NIST has officially released NIST 800-37 Rev 2 and dubbed it as “RMF 2.0.” The framework has been updated to include both cybersecurity and privacy to be key for an authorization decision. “RMF 2.0 gives federal agencies a very powerful tool to manage both security and privacy risks from a […]

  • IT Dojo Announces Security Control Assessment (SCA) Training Workshop

    Training Overview Security Controls Assessment Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and […]

  • Is RMF Broken? Can it be fixed or is it beyond repair?

    By Lon J. Berman CISSP, RDRP Thanks to the work of the Joint Task Force, RMF is now the official information security life cycle process across all three “segments” of the Executive Branch, i.e., DoD, federal civil agencies, and the intelligence community. It’s now been 4 ½ years since DoD officially “adopted” RMF (DoDI 8510.01, […]

  • The Newest NIST Framework: The NIST Privacy Framework

    By Kathryn Daily, CISSP, CAP, RDRP NIST has announced the development of a Privacy Framework. The framework is needed to ensure the ability to design, operate, or use technologies in ways that are observant of various privacy needs in a progressively connected and complicated environment. It is expected to help manage risk by protecting people’s […]

  • STIG 101 Training Dates ADDED!

    We’ve had a huge response to our STIG 101 training! New dates have been added. If you are interested, please reach out to us soon! August 24, 2018, Live Remote Online; August 31, 2018, Live Remote Online; September 28, 2018, Live Remote Online; October 19, 2018, Live Remote Online; October 26, 2018, Live Remote Online; November 14, 2018, Live […]

  • RMF Training

    Upcoming RMF for DoD IT Training Schedule

    New training dates for our RMF for DoD IT training course have been released! If you are interested in pricing or availability for the course at any of the locations (or online), please be sure to reach out to Nick Webb with questions or to enroll: 757-216-3656 (nick@itdojo.com). Upcoming Dates: August 20 – 23, Live Remote Online; August 27 – 30 […]

  • NIST 800-37 Rev. 2

    By Lon J. Berman CISSP, RDRP The National Institute of Standards and Technology (NIST) is in the process of preparing Special Publication (SP) 800-37 Rev 2 for publication. As you may know, NIST SP 800-37 is the publication that defines the Risk Management Framework (RMF) roles, responsibilities and life cycle process. A review of the […]

  • NIST 800-171: Confusion and the Protest Docket

    By Kathryn Daily, CISSP, RDRP I’m sure by now you’ve at least familiarized yourself with NIST 800-171, “Protecting Unclassified Information in Nonfederal Information Systems and Organizations.” What wasn’t made clear was how DoD will evaluate a contractor’s System Security Plan (SSP). In May, DoD released draft DoD Guidance for Reviewing System Security Plans and […]