By Lon J. Berman, CISSP, RDRP Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), along come our friends at the National Institute of Standards and Technology (NIST) throwing another framework our way! The Cybersecurity Framework (CSF) has actually been in development since…
By Kathryn Daily, CISSP, CAP, RDRP Back in September 2018, NIST announced their plans to develop a data privacy framework based off their cybersecurity framework that has been extremely successful in both government and private sector. NIST has worked with industry through webinars and workshops and incorporated both public and private sector feedback for the…
By Lon J. Berman CISSP, RDRP CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application”. The typical example…
By Kathryn Daily, CISSP, RDRP NIST has officially released NIST 800-37 Rev 2 and dubbed it as “RMF 2.0.” The framework has been updated to include both cybersecurity and privacy to be key for an authorization decision. “RMF 2.0 gives federal agencies a very powerful tool to manage both security and privacy risks from a…
By Lon J. Berman CISSP, RDRP All of us who have spent time working with RMF have come to understand just what a time-consuming and resource-intensive process it can be. As bad as that may be, it is made even worse when the same application or system ends up going through the RMF process multiple…
By Lon J. Berman CISSP, RDRP Thanks to the work of the Joint Task Force, RMF is now the official information security life cycle process across all three “segments” of the Executive Branch, i.e., DoD, federal civil agencies, and the intelligence community. It’s now been 4 ½ years since DoD officially “adopted” RMF (DoDI 8510.01,…
By Kathryn Daily, CISSP, CAP, RDRP NIST has announced the development of a Privacy Framework. The framework is needed to ensure the ability to design, operate, or use technologies in ways that are observant of various privacy needs in a progressively connected and complicated environment. It is expected to help manage risk by protecting people’s…
By Lon J. Berman CISSP, RDRP The National Institute of Standards and Technology (NIST) is in the process of preparing Special Publication (SP) 800-37 Rev 2 for publication. As you may know, NIST SP 800-37 is the publication that defines the Risk Management Framework (RMF) roles, responsibilities and life cycle process. A review of the…
Interesting press release just put out stating that NIST is updating the RMF to incorporate privacy considerations. Full release can be found here.
By Lon J. Berman, CISSP, RDRP at BAI. The Defense Security Service (DSS) serves as an interface between the government and cleared industry. DSS administers and implements the National Industrial Security Program (NISP) by providing oversight and assistance to cleared contractor facilities to ensure protection of classified information. In short, if your company maintains cleared…