RMF for DoD IT | IT Dojo

Common Controls and Inheritance

Continuous Monitoring, Cybersecurity Framework, DIACAP Training, DIARMF, DoD 8570 Compliance, Information Assurance, IT Courses in Hampton Roads, IT Training In Norfolk, Northern Virginia, Remote Online Training, Risk Management Framework, RMF Training, Training, Training in Colorado Springs, Training in Virginia Beach, Training in Washington DCBy Nick Webb July 13, 2015

By Kathryn M. Farrish, CISSP Common Controls are security controls whose implementation results in a security capability that is inheritable by multiple information systems (IS). For example, the information systems hosted in a data center will typically inherit numerous security controls from the hosting provider, such as: Physical and environmental security controls Network boundary defense security controls Other inheritance scenarios include agency or departmental-level policies…

FAQ: How Comprehensive is your RMF for DoD IT Course?

DIACAP Training, Information Assurance, IT Courses in Hampton Roads, IT Training In Norfolk, Risk Management Framework, RMF Training, Training, Training in Virginia Beach, Training in Washington DCBy Nick Webb July 10, 2015

The most common question we get in regards to our RMF for DoD IT training course is this: How comprehensive is your RMF for DOD IT course? The reason I ask is that the Navy is still trying to wrap their head around RMF and how to integrate it both from an acquisitions and operational…

Security Control Spotlight—Privacy Overlay

Information Assurance, IT Courses in Hampton Roads, IT Training In Norfolk, Risk Management Framework, RMF Training, Training, Training in Virginia BeachBy Nick Webb July 9, 2015

By Lon J. Berman, CISSP According to NIST Special Publication (SP) 800-53, an overlay is a “fully specified set of security controls, control enhancements and supplemental guidance derived from the application of tailoring guidance to security control baselines”. The intent is to streamline the process of developing a security control set for specific communities of interest. The Committee on National Security Systems (CNSS) website, www.cnss.gov,…

System Categorization-Take the Time to Get it Right

Continuous Monitoring, Cybersecurity Framework, DIACAP Training, DIARMF, DoD 8570 Compliance, Information Assurance, IT Courses in Hampton Roads, IT Training In Norfolk, Remote Online Training, Risk Management Framework, RMF Training, Security, Training, Training in Colorado Springs, Training in Virginia Beach, Training in Washington DCBy Nick Webb July 8, 2015

By Lon J. Berman, CISSP The story is told of an intern who is asked by his boss to pick up some items from the supply room in the basement. The young man is not sure how to get down there, but, seeing an open door, assumes it is the stairway and steps through. Unfortunately the door turns out to be an…

Information Security Continuous Monitoring Course Date Just Added!

Continuous Monitoring, Information Assurance, IT Courses in Hampton Roads, IT Training In Norfolk, Northern Virginia, Remote Online Training, Risk Management Framework, RMF Training, Training, Training in Colorado Springs, Training in Virginia Beach, Training in Washington DCBy Nick Webb June 23, 2015

We have just added a course date for the Information Security Continuous Monitoring training that is coming up this fall (September 22 – 24, 2015). Information Security Continuous Monitoring (three days) covers roles and responsibilities, establishment and implementation of the ISCM strategy, analysis and reporting of findings, and program review in accordance with NIST Special Publication…

What Are CCIs and Why Should I Care About Them?

All Things IPv6By Nick Webb March 16, 2015

By Kathryn M. Farrish, CISSP One of the more recent information security innovations is the Control Correlation Identifier, or CCI. Each CCI provides a standard identifier and description for “singular, actionable statements” that comprise a security control or security best practice. The purpose of CCIs is to allow a high level statement made in a…

Security Control Spotlight—The PM Family

Risk Management Framework, RMF TrainingBy Nick Webb March 13, 2015

By Lon J. Berman, CISSP The Beatles were comprised of how many musicians? Easy, right? They were called the “Fab Four”, so there were definitely 4. Now Google “the fifth Beatle” and see what you get. Ditto for “sixth sense”. When I eat at a Thai restaurant and the waitress asks how hot I want…

Getting Off to a Good Start with Your RMF Transition

Risk Management Framework, RMF TrainingBy Nick Webb March 12, 2015

By Annette Leonard of BAI Information Security “The beginning is the most important part of the work.” ― Plato, The Republic Before rushing headlong into the RMF fray, DoD system owners should take the time to ensure they get off to a good start. Mistakes made at the beginning of the effort can be very…

RMF Transition—What do I Really Need to Know?

All Things IPv6By Nick Webb March 11, 2015

By Lon J. Berman, CISSP It’s hard to believe it’s been a whole year since the publication of DoD Instruction (DoDI) 8510.01 in March of 2014, which officially began the transition from the DIACAP process and IA Controls to the Risk Management Framework (RMF) and NIST Security Controls. While there are isolated pockets of progress…

Spotlight: Information Security Continuous Monitoring

Cybersecurity Framework, DIACAP Training, DIARMF, DoD 8570 Compliance, Information Assurance, IT Courses in Hampton Roads, IT Training In Norfolk, Risk Management Framework, RMF Training, Security, Training, Training in Colorado Springs, Training in Virginia Beach, Training in Washington DCBy Nick Webb January 27, 2015

By Lon Berman, CISSP No longer just a technical issue, instead a strategic program to manage cybersecurity risk. Targeted cyber attacks are a strategic organizational problem. Cyber attackers are more sophisticated than ever before, and it has become vitally important to understand how to manage risk and implement a continuous monitoring program. More than just…

Tag Archives: RMF for DoD IT