By Marilyn Fritz, CISSP, CISA, ITIL, PMP The new DFARS Interim Rule that went into effect November 30, 2020 is a game changer for any entities that have or are pursuing Defense Industrial Base (DIB) contracts or subcontracts. Prior to the new Interim Rule, contractors and sub-contractors could self-attest that they met DoD cybersecurity requirements…
Details
By Kathryn Daily, CISSP, CAP, RDRP So by now, I’m sure you’ve seen a ton of articles on the Cybersecurity Maturity Model Certification (CMMC) initiative. A lot of information has been released but there are still a lot of unknowns. What We Know We know that it’s mandatory for all contractors who wish to do…
Details
Dear Dr. RMF, I work in an Army program and I feel like I am getting the hang of RMF, but when the heck do I schedule an independent assessment (SCA-V)? Show Me the SCA-V Dear Show Me the SCA-V, When determining when to schedule a SCA-V assessment you’ll want to take several things into…
DetailsBy Kathryn Daily, CISSP, CAP, RDRP So, in the last edition of the newsletter I wrote about the need for verification of NIST 171 compliance from DoD contractors, suppliers and vendors who process controlled unclassified information (CUI). Well, the DoD sure delivered on that request. A mere days after the last article was published, DoD…
Details
By Lon J. Berman, CISSP, RDRP Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), along come our friends at the National Institute of Standards and Technology (NIST) throwing another framework our way! The Cybersecurity Framework (CSF) has actually been in development since…
Details
By Lon J Berman, CISSP, RDRP The Enterprise Mission Assurance Support Service (eMASS) is a DoD system that serves as an information repository and workflow manager for the Risk Management Framework (RMF) process. The history of eMASS can be traced back to a project called Digital DITSCAP at the Defense Logistics Agency (DLA) in the…
Details
We constantly get asked “Where is the best place to find CISSP practice questions?” and “What sort of resources can you share with me to help me prepare for the CISSP?” In an effort to consolidate all of the answers to these questions, we have put together this list of links. As we find new…
Details
By Kathryn Daily, CISSP, CAP, RDRP Back in September 2018, NIST announced their plans to develop a data privacy framework based off their cybersecurity framework that has been extremely successful in both government and private sector. NIST has worked with industry through webinars and workshops and incorporated both public and private sector feedback for the…
Details
By P. Devon Schall, PhD, CISSP, RDRP Over the past 12 months, I have attended a handful of DoD cybersecurity conferences with the goal of convincing the DoD community that RMF training is a key solution in combatting the perceived RMF crisis. These conferences include the Air Force Information Technology & Cyberpower Conference (AFITC), the…
Details
By Lon J. Berman CISSP, RDRP CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application”. The typical example…
Details