IT Blog

  • STIG 101 Training Dates ADDED!

    We’ve had a huge response to our STIG 101 training! New dates have been added. If you are interested, please reach out to us soon! August 24, 2018: Live Remote Online; August 31, 2018: Live Remote Online; September 28, 2018: Live Remote Online; October 19, 2018: Live Remote Online; October 26, 2018: Live Remote Online; November 14, 2018: Live […]

  • RMF Training

    Upcoming RMF for DoD IT Training Schedule

    New training dates for our RMF for DoD IT training course have been released! If you are interested in pricing or availability for the course at any of the locations (or online), contact Nick Webb with questions or to enroll: 757-216-3656 (nick@itdojo.com). Upcoming Dates: August 20 – 23: Live Remote Online; August 27 – 30 […]

  • NIST 800-37 Rev. 2

    By Lon J. Berman CISSP, RDRP The National Institute of Standards and Technology (NIST) is in the process of preparing Special Publication (SP) 800-37 Rev 2 for publication. As you may know, NIST SP 800-37 is the publication that defines the Risk Management Framework (RMF) roles, responsibilities and life cycle process. A review of the […]

  • NIST 800-171: Confusion and the Protest Docket

    By Kathryn Daily, CISSP, RDRP I’m sure by now you’ve at least familiarized yourself with NIST 800-171, “Protecting Unclassified Information in Nonfederal Information Systems and Organizations.” What wasn’t made clear was how DoD will evaluate a contractor’s System Security Plan (SSP). In May, DoD released draft DoD Guidance for Reviewing System Security Plans and […]

  • RMF Applied to Modern Vehicles

    By P. Devon Schall, CISSP, RDRP During a recent RMF literature search, I came across an interesting article titled “RMF Applied to Modern Vehicles”. The article was published by Charlie McCarthy and Kevin Harnett in 2014 and sponsored by the National Highway Traffic Safety Administration (NHTSA). The overall goal of the research was to collect […]

  • IT Dojo Introduces: STIG 101 Training

    By Kathryn Daily, CISSP, RDRP NIST 800-53, and specifically Security Control CM-6, requires an organization to a. Establish and document configuration settings for information technology products employed within the information system using [Assignment: organization-defined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; b. Implement the configuration settings; c. Identify, document, […]

  • RMF and the Defense Security Service (DSS)

    By Lon J. Berman, CISSP, RDRP at BAI. The Defense Security Service (DSS) serves as an interface between the government and cleared industry. DSS administers and implements the National Industrial Security Program (NISP) by providing oversight and assistance to cleared contractor facilities to ensure protection of classified information. In short, if your company maintains cleared […]

  • Top Ten—Preparing for RMF Questions

    By P. Devon Schall, CISSP, RDRP With the addition of Step 0 to the RMF life cycle, we decided to make this month’s top ten list based on preparation. Preparation is often one of the most overlooked aspects of RMF. The road to an ATO is often paved with unexpected setbacks, these setbacks can be […]

  • NIST 171—What’s That?

    By Kathryn Daily, CISSP, RDRP If you heard a whooshing sound on New Year’s Eve, that was probably the deadline for compliance with NIST 171 flying by. A lot of you might be asking “What is NIST 171?” NIST 171 is a set of requirements documented in the NIST Special Publication 800-171 (Protecting Controlled Unclassified […]

  • Top Ten—Differences Between RMF and CSF

    By P. Devon Schall, CISSP, RDRP I was reading an article recently about Cybersecurity Framework (CSF) and the continued confusion with Risk Management Framework (RMF). In the research, the consensus was the majority of government IT professionals don’t fully understand CSF or RMF and find it easy to confuse the two. As a follow up […]