IT Blog

  • CISSP Practice Question 16
  • CISSP Question of the Day #15
  • CISSP Practice Question 14
  • NIST Training. Privacy Framework Update

    NIST Privacy Framework: An Update

    By Kathryn Daily, CISSP, CAP, RDRP

    Back in September 2018, NIST announced their plans to develop a data privacy framework based off their cybersecurity framework that has been extremely successful in both government and private sector. NIST has worked with industry through webinars and workshops and incorporated both public and private sector feedback for the […]

  • RMF Conference Training Observations

    RMF Conference Observations

    By P. Devon Schall, PhD, CISSP, RDRP

    Over the past 12 months, I have attended a handful of DoD cybersecurity conferences with the goal of convincing the DoD community that RMF training is a key solution in combatting the perceived RMF crisis. These conferences include the Air Force Information Technology & Cyberpower Conference (AFITC), the […]

  • RMF Security Control Inheritance

    Security Control Inheritance

    By Lon J. Berman, CISSP, RDRP

    CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application”. The typical example […]

  • Ask Dr. RMF

    Ask Dr. RMF

    Dear Dr. RMF, Government IT Security staff work with systems owners to make sure that all systems in the agency have implemented the proper Risk Management Framework (RMF) controls. Organizations have deployed technologies like eMASS, XACTA, and RSA to manage the workflow and documentation for the RMF for their systems. Yet, there is confusion about […]

  • Colin Weaver

    How Much Information is in a Message?

    “How much information is in a message?” Huh??? That sentence, in the context of typical use of those words (information & message), doesn’t immediately make sense to most people. Well, I know it didn’t make sense to me, at least. So let me try asking it in a seemingly more complicated but different way: “If […]

  • Ask Dr. RMF

    Ask Dr. RMF

    By P. Devon Schall Ph.D., RDRP

    Do you have an RMF dilemma that you could use advice on how to handle? If so, Ask Dr. RMF! BAI’s Dr. RMF is a Ph.D. researcher with a primary research focus of RMF. Dear Doctor RMF, We just received our report from Alex, our independent assessor team lead, and […]

  • RMF Training Resources

    A Quantitative Study on the Receipt of Formalized RMF Training and Perceptions of RMF Effectiveness, Sustainability, and Commitment in RMF Practitioners.

    By P. Devon Schall, Ph.D., CISSP, RDRP

    Over the past year, I have conducted research on the relationship between the receipt of formalized RMF training and perceptions of RMF effectiveness, sustainability, and commitment in RMF practitioners. I am very pleased to announce, I have completed the study and have some interesting results to report. This […]

  • NIST 800-37 Revision 2 Training

    NIST 800-37 Rev 2: It’s Official!

    By Kathryn Daily, CISSP, RDRP

    NIST has officially released NIST 800-37 Rev 2 and dubbed it as “RMF 2.0.” The framework has been updated to include both cybersecurity and privacy to be key for an authorization decision. “RMF 2.0 gives federal agencies a very powerful tool to manage both security and privacy risks from a […]