In an era marked by evolving cyber threats and stringent security requirements, the Department of Defense (DoD) plays a pivotal role in safeguarding sensitive information and critical infrastructure. To effectively manage risks and ensure the security of DoD IT systems, the Risk Management Framework (RMF) serves as a comprehensive framework for cybersecurity governance and compliance.…
In today’s tech-driven world, safeguarding sensitive data and critical systems is a top priority, especially for government agencies, including the Department of Defense (DoD). They handle vast amounts of sensitive information, making the Risk Management Framework (RMF) an essential part of their cybersecurity strategy. In this article, we’ll take a dive into RMF, what it’s…
BY KATHRYN DAILY, CISSP, CGRC (FORMERLY CAP), RDRP NIST SP 800-53 (National Institute of Standards and Technology Special Publication 800-53) provides a set of security and privacy controls for information systems and organizations. It was initially developed by NIST thanks to the E-Government Act of 2002, or more specifically, the Federal Information Security Management Act…
BY LON J. BERMAN, CISSP, RDRP JULY 2023, VOLUME 15, ISSUE 3 When it comes to the future of RMF, rumors abound but truth is hard to come by. In this article, we’ll take a look at some of the speculations and see if there’s any truth to them. Let’s start with an oldie. “DoD…
By Lon J. Berman, CISSP, RDRP Welcome to 2022! It’s now been well over a year since the release of NIST SP 800-53 Rev 5, yet Rev 4 remains the DoD standard. When DoD first adopted RMF … back in 2014! … they expressed their commitment to “keeping up” with the NIST publications. So why…
By Kathryn Daily, CISSP, CAP, RDRP Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some HR data and pharmacy records. The breach was caused by a vulnerability in the Accellion file sharing system which the grocery chain immediately stopped using. As I was perusing the…
By Lon J. Berman, CISSP, RDRP More than ten years ago, RMF came into existence with the intention of becoming the “unified information security framework for the federal government”. With widespread adoption of RMF throughout most federal civil agencies, DoD components and intelligence community agencies, it is safe to say that goal has been met.…
By Philip D. Schall, Ph.D., CISSP, RDRP At IT Dojo, we often have conversations with our students on the topic of taking formal classroom RMF training. In the modern digital landscape, we are able to learn about and complete projects we never thought possible twenty years ago through free online resources. The internet has enabled…
Dear Dr. RMF, I work in an Army program and I feel like I am getting the hang of RMF, but when the heck do I schedule an independent assessment (SCA-V)? Show Me the SCA-V Dear Show Me the SCA-V, When determining when to schedule a SCA-V assessment you’ll want to take several things into…
By Lon J. Berman, CISSP, RDRP Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), along come our friends at the National Institute of Standards and Technology (NIST) throwing another framework our way! The Cybersecurity Framework (CSF) has actually been in development since…