With the publication of revised DoD Instruction 8510.01, adoption of the Risk Management Framework (RMF) by DoD has begun. DoD programs are busy planning and implementing strategies for transitioning from DIACAP to “RMF for DoD IT”. What Efforts are Taking Place in Support of the RMF Transition? Tier 1: DoD Enterprise RMF Knowledge Service –…
The DoD has announced that RMF for DoD IT will supercede the current DIACAP requirements. Revised DoD IA policies and procedures will not be published until later this year and there’s sure to be a “phase in” period. Why should your organization be concerned about preparing for the upcoming RMF transition now? Get Familiarized with…
IT Dojo offers a comprehensive course on the transition from DIACAP to RMF. Please take a look at our RMF training courses here. Here is a link to a great book on RMF that we highly recommend. A ton of other information can be found on the NIST web site.
A deadline for federal agencies to adhere to the government’s baseline cloud security standards and changes to the standards themselves are coming up very soon. The deadline for agencies to have their existing cloud computing solutions assessed against the Federal Risk and Authorization Management Program, or FedRAMP is June 5, 2014 Read more about this…
By Lon J. Berman, CISSP BAI Consulting The wait is over! RIP DIACAP!! At long last, DoD has announced the start of transition from the legacy DIACAP Certification and Accreditation (C&A) Program to the Risk Management Framework (RMF). This transition is part of a broader effort to bring all Executive Branch departments and agencies ……
For your convenience, ITdojo has assembled the following collection of RMF-related government publications. Please note these are UNCLASSIFIED documents with no restrictions on usage or distribution. Laws and Executive Branch Policies Federal Information Security Management Act (FISMA) OMB Circular A-130 Appendix III (Security of Federal Information Systems) Federal Information Processing Standard (FIPS) Publications FIPS 199…
By Lon J. Berman, CISSP BAI Consulting Now that DoD has “officially” begun its adoption of RMF, let’s take a look at some of the things that are “new”! 10. Cybersecurity. The word “Cybersecurity” has been part of the government IT security discussion for several years, going back to a Presidential Directive in 2008. DoD has now adopted the term Cybersecurity in…
by Annette Leonard BAI Consulting Continuous Monitoring has long been recognized as a critical element in maintaining a strong security posture for any IT system. In spite of this, the risk management processes used in most federal agencies have traditionally been centered around mountains of paperwork, along with “point-in-time” assessments and approvals. With the ascension…
On March 12, 2014 the DoD released a new policy that makes it official that the DoD Information Assurance Certification and Accreditation Process (DIACAP) is being put to bed in favor of a “new” Risk Management Framework (RMF). The news is not a revelation as it has been in the works for a few years…