Top Ten—Questions for your Authorizing Official

By Annette Leonard The importance of the Authorizing Official (AO) in the RMF process is self evident. As the individual charged with signing your Authorization to Operate (ATO), the AO is obviously a key player. Ideally, the AO’s role is not limited to that final signature—he/she should be an active participant in the process from…

System Scans in eMASS … Think Before You Upload!

By Kathryn M. Farrish, CISSP eMASS, short for Enterprise Mission Assurance Support Service, is a comprehensive tool provided by DoD for managing the RMF life cycle. Among its well-known features and capabilities are generating security control baselines, managing RMF workflow, maintaining a repository of documentation artifacts, accepting system owner provided “self assessment” of security control…

CISSP Preparation Resources

When it comes to getting your CISSP certification, I have one important word for you: STUDY.  Study in the car (preferably not while driving), study at work (taking care to not get fired), study at home, study everywhere you get a free moment.  Study before training, study after training.  You really cannot study too much…

Top Ten—Data Breaches that Made the News

By Annette Leonard Many information security incidents are newsworthy, especially when they involve compromise of personal, financial and/or medical information. Here is our “Top Ten” list of data breaches that have made the news over the past few years. While some of these compromises may have resulted from very sophisticated attack methods, others were traceable to basic lapses in good security practices—the very things the…

Common Controls and Inheritance

By Kathryn M. Farrish, CISSP Common Controls are security controls whose implementation results in a security capability that is inheritable  by multiple information systems (IS). For example, the information systems hosted in a data center will typically inherit numerous security controls from the hosting provider, such as: Physical and environmental security controls Network boundary defense security controls Other inheritance scenarios include agency or departmental-level policies…

FAQ: How Comprehensive is your RMF for DoD IT Course?

The most common question we get in regards to our RMF for DoD IT training course is this: How comprehensive is your RMF for DOD IT course? The reason I ask is that the Navy is still trying to wrap their head around RMF and how to integrate it both from an acquisitions and operational…

Security Control Spotlight—Privacy Overlay

By Lon J. Berman, CISSP According to NIST Special Publication (SP) 800-53, an overlay is a “fully specified set of security controls, control enhancements and supplemental guidance derived from the application of tailoring guidance to security control baselines”. The intent is to streamline the process of developing a security control set for specific communities of interest. The Committee on National Security Systems (CNSS) website, www.cnss.gov,…

System Categorization-Take the Time to Get it Right

By Lon J. Berman, CISSP The story is told of an intern who is asked by his boss to pick up some items from the supply room in the basement. The young man is not sure how to get down there, but, seeing an open door, assumes it is the stairway and steps through. Unfortunately the door turns out to be an…

Post Training Support on our RMF classes!

TrainPlus! POST TRAINING SUPPORT RMF education doesn’t just stop when the training class is over.  That’s why we offer TrainPlus!, a RMF Q&A follow-up session. Designed specifically for students who’ve previously attended an IT Dojo RMF training class, TrainPlus! is delivered via a monthly, 60-minute, conference call at no charge. Whether the training experience has been online, onsite or…

Free Ways to Earn CEUs!

You’ve earned your CISSP or your Security+ certification…now you need to maintain it. No one wants to have to take those beastly exams again! But how do you do that without spending a lot of money? Sure you could take other classes (and will need to to remain relevant, of course), but sometimes there isn’t…