Top Ten—Things You Should Know about eMASS

By Lon J. Berman, CISSP of BAI Information Security
The Enterprise Mission Assurance Support Service, or eMASS, is a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services for comprehensive, fully integrated cybersecurity management, including controls scorecard measurement, dashboard reporting, and the generation of Risk Management Framework (RMF) package reports. If you’re…

Top Ten—Documentation Recommendations

By Lon J. Berman, CISSP, BAI Information Security
Supporting documentation (a.k.a. artifacts) is key to providing evidence of compliance with security controls. Previously in this Newsletter we have spent some time describing the three fundamental classes of RMF documentation, to wit: Policy. Policy documents describe what the organization does to provide for confidentiality, integrity and…

Security Control Spotlight—Contingency Planning

By Kathryn M. Daily, CISSP of BAI Information Security
In this issue we will shine the spotlight on the Contingency Planning (CP) family of security controls. First, we’ll show you how the controls dictate the subject areas that need to be addressed in the organization/system’s disaster recovery and business continuity plans. Second, you’ll learn how…

RMF Training in Virginia Beach is Filling up!

Attention information assurance and cyber security professionals in Hampton Roads! IT Dojo is running an RMF for DoD IT training course in the Virginia Beach/Norfolk area July 11 – 14. Seating is limited, but this course is guaranteed to run! We have delivered this course to hundreds of individuals throughout the country and the response…

Top Ten—RMF “Lessons Learned”

By Lon J. Berman, CISSP, BAI Information Security
I recently had the pleasure of consulting for a DoD program that successfully navigated the RMF process and received a full three-year Authorization to Operate (ATO). In lieu of … or in addition to … a victory party, the team decided it would be productive to…

Security Control Baseline “Tabletop Review”

By Lon J. Berman, CISSP at BAI Information Security
Let’s take a look at some strategies for reviewing the Security Control Baseline and creating “action plans” for implementation.
The “Raw Materials”
An effective review starts with the right materials. You’ll need two spreadsheets to work with: Security Controls Assessment Procedures (CCIs) Using the Security Controls…