May 11, 2026

DoD 8140 vs DoD 8570: What Federal IT Professionals Need to Know

Confused about the DoD 8570 to 8140 transition? Learn what changed, which certifications are required, and how to stay compliant in your federal IT role.

DoD 8140 DoD 8570 Cybersecurity Federal IT Compliance RMF

Read Article

May 24, 2024

RMF Alignment with ISC2’s CGRC Exam

IT Dojo's training programs were developed with the information systems professional in mind.

RMF Certifications

Read Article

April 17, 2024

Strengthening Cybersecurity: Navigating the Risk Management Framework for DoD IT

In an era marked by evolving cyber threats and stringent security requirements, the Department of Defense (DoD) plays a pivotal role in safeguarding…

RMF Cybersecurity DoD Compliance

Read Article

September 27, 2023

Navigating the Risk Management Framework (RMF) for DoD and Government Agencies

In today's tech-driven world, safeguarding sensitive data and critical systems is a top priority, especially for government agencies, including the…

RMF DoD Compliance NIST

Read Article

June 28, 2023

NIST SP 800-53: WHAT’S THE DELTA FROM REV. 4 TO REV. 5?

NIST SP 800-53 (National Institute of Standards and Technology Special Publication 800-53) provides a set of security and privacy controls for information…

NIST RMF

Read Article

June 28, 2023

RISK MANAGEMENT FRAMEWORK (RMF) TOMORROW: TRUTH OR FICTION?

JULY 2023, VOLUME 15, ISSUE 3 When it comes to the future of RMF, rumors abound but truth is hard to come by.

RMF

Read Article

February 8, 2022

DoD Transition to NIST SP 800-53 Rev 5 … Why is it Taking so Long?

Welcome to 2022! It’s now been well over a year since the release of NIST SP 800-53 Rev 5, yet Rev 4 remains the DoD standard.

RMF NIST DoD Compliance

Read Article

May 25, 2021

Risk. What to Do With It.

Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some HR data and pharmacy records.

Cybersecurity RMF

Read Article

May 25, 2021

RMF Across the Government Landscape

More than ten years ago, RMF came into existence with the intention of becoming the “unified information security framework for the federal government”.

RMF DoD Compliance

Read Article

January 12, 2021

NIST Rev. 5 Supplemental Materials

Back in September of last year (2020), NIST finally published the final version of Special Publication 800-53 Revision 5.

NIST RMF

Read Article

January 12, 2021

Welcome, Step 0

Q. The Risk Management Framework (RMF) life cycle is comprised of how many steps? A. Oh, that’s easy, it’s six. Well … not so fast.

RMF

Read Article

November 12, 2019

Ask Dr. RMF!

Dear Dr. RMF, I work in an Army program and I feel like I am getting the hang of RMF, but when the heck do I schedule an independent assessment (SCA-V)?

RMF DoD Compliance

Read Article

July 9, 2019

The Expanding Role of eMASS

The Enterprise Mission Assurance Support Service (eMASS) is a DoD system that serves as an information repository and workflow manager for the Risk…

eMASS RMF

Read Article

April 15, 2019

Ask Dr. RMF

Dear Dr. RMF, Government IT Security staff work with systems owners to make sure that all systems in the agency have implemented the proper Risk Management…

RMF DoD Compliance

Read Article

April 15, 2019

Security Control Inheritance

CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection from security controls (or…

RMF Cybersecurity

Read Article

January 11, 2019

NIST 800-37 Rev 2: It’s Official!

NIST has officially released NIST 800-37 Rev 2 and dubbed it as “RMF 2.0.” The framework has been updated to include both cybersecurity and privacy to be…

RMF NIST

Read Article

January 11, 2019

Powerful but not well understood: Reciprocity, Type Authorization, and Assess Only

All of us who have spent time working with RMF have come to understand just what a time-consuming and resource-intensive process it can be.

RMF DoD Compliance

Read Article

October 9, 2018

Is RMF Broken? Can it be fixed or is it beyond repair?

Thanks to the work of the Joint Task Force, RMF is now the official information security life cycle process across all three “segments” of the Executive…

RMF DoD Compliance

Read Article

July 17, 2018

NIST 800-37 Rev. 2

The National Institute of Standards and Technology (NIST) is in the process of preparing Special Publication (SP) 800-37 Rev 2 for publication.

RMF NIST

Read Article

May 9, 2018

NIST Updates RMF to Incorporate Privacy Considerations

Interesting press release just put out stating that NIST is updating the RMF to incorporate privacy considerations. Full release can be found here.

NIST RMF Privacy

Read Article

April 17, 2018

RMF and the Defense Security Service (DSS)

The Defense Security Service (DSS) serves as an interface between the government and cleared industry.

RMF DoD Compliance

Read Article

October 17, 2017

Is Your System a National Security System (NSS)? and How Does That Affect RMF Efforts?

By federal law, an information system will be designated as a National Security System (NSS) in accordance with the following definition: The term “national…

RMF DoD Compliance

Read Article

October 17, 2017

RMF: Is It Effective?

In July 2017, SolarWinds conducted an online survey via Market Connections aimed at approximately 200 federal government IT decision makers and influencers…

RMF

Read Article

July 13, 2017

Continuous Monitoring Today: And Tomorrow

This article was written by Lon Berman, CISSP, RDRP of BAI Information Security Step 6 of the Risk Management Framework (RMF) is entitled “Monitor Security…

Cybersecurity RMF

Read Article

July 13, 2017

Security Control Spotlight: Inheritance from a FedRAMP Approved CSP

This article was written by Kathryn M. Daily, CISSP, RDRP of BAI Information Security.

RMF Cloud Security

Read Article

April 13, 2017

NIST SP 800-53 Rev 5: Big Changes Coming?

As you probably know, the “catalog” of security controls used in RMF is derived from NIST Special Publication (SP) 800- 53 Rev 4.

NIST RMF

Read Article

April 11, 2017

Top Ten: Things You Should Know about eMASS

The Enterprise Mission Assurance Support Service, or eMASS, is a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services…

eMASS RMF

Read Article

January 30, 2017

Security Control Spotlight: Training

In this issue we will shine the spotlight on the Awareness and Training (AT) family of security controls.

RMF Training

Read Article

January 30, 2017

Top Ten: Documentation Recommendations

Supporting documentation (aka. artifacts) is key to providing evidence of compliance with security controls.

RMF NIST

Read Article

September 16, 2016

Security Control Spotlight: Contingency Planning

In this issue we will shine the spotlight on the Contingency Planning (CP) family of security controls.

RMF Cybersecurity

Read Article

September 16, 2016

Top Ten RMF Pitfalls Revisited

Like any complex process, RMF is not without its share of potential pitfalls. Now that we have the benefit of some more RMF projects under our belt, we…

RMF

Read Article

September 16, 2016

Understanding the Authorization Decision

If you ask most system owners about the desired outcome of their RMF efforts, they will readily tell you “we are expecting the Authorizing Official (AO) to…

RMF DoD Compliance

Read Article

June 8, 2016

Top Ten: RMF “Lessons Learned”

I recently had the pleasure of consulting for a DoD program that successfully navigated the RMF process and received a full three year Authorization to…

RMF

Read Article

June 7, 2016

Security Control Baseline “Tabletop Review”

Let’s take a look at some strategies for reviewing the Security Control Baseline and creating “action plans” for implementation.

RMF Cybersecurity

Read Article

June 1, 2016

Security Control Spotlight: Inheritance

Security Control Inheritance is one of the most powerful tools available to facilitate the RMF process.

RMF Cybersecurity

Read Article

March 11, 2016

Security Control Spotlight: STIGs and Controls

One of the primary goals of the RMF life cycle is for a system to achieve and maintain compliance with a baseline of Security Controls in accordance with…

RMF STIGs

Read Article

March 7, 2016

Building A Security Control Baseline “Step-by-Step”

Article By Lon J. Berman, CISSP In the last issue of RMF Today and Tomorrow, we walked through the System Categorization process step-bystep.

RMF NIST

Read Article

March 1, 2016

Top Ten: Questions for your Authorizing Official

The importance of the Authorizing Official (AO) in the RMF process is self evident.

RMF

Read Article

February 29, 2016

System Scans in eMASS … Think Before You Upload!

eMASS, short for Enterprise Mission Assurance Support Service, is a comprehensive tool provided by DoD for managing the RMF life cycle.

eMASS RMF

Read Article

November 23, 2015

Security Control Spotlight: A Little Good News?

Imagine this dialog between Edward, a System Owner, and Christine, his Information System Security Manager (ISSM): Edward (System Owner):“Now that we’ve…

RMF Cybersecurity

Read Article

November 19, 2015

RMF’s System Categorization: Step by Step

In this blog post Lon Berman, CISSP talks about the sub-steps of the first RMF step, System Categorization.

RMF NIST

Read Article

July 13, 2015

Common Controls and Inheritance

Common Controls are security controls whose implementation results in a security capability that is inheritable by multiple information systems (IS).

RMF NIST

Read Article

July 10, 2015

FAQ: How Comprehensive is your RMF for DoD IT Course?

The most common question we get in regards to our RMF for DoD IT training course is this: How comprehensive is your RMF for DOD IT course?

RMF Training

Read Article

July 9, 2015

Security Control Spotlight: Privacy Overlay

According to NIST Special Publication (SP) 800-53, an overlay is a “fully specified set of security controls, control enhancements and supplemental guidance…

RMF Privacy

Read Article

July 8, 2015

System Categorization-Take the Time to Get it Right

The story is told of an intern who is asked by his boss to pick up some items from the supply room in the basement.

RMF NIST

Read Article

July 7, 2015

Post Training Support on our RMF classes!

TrainPlus! POST TRAINING SUPPORT RMF education doesn't just stop when the training class is over.

RMF Training

Read Article

April 27, 2015

Why NIST’s Free Online RMF Training is Not Enough

As many of you are already aware, NIST offers free online Risk Management Framework training as a resource on their website.

RMF Training

Read Article

March 16, 2015

What Are CCIs and Why Should I Care About Them?

One of the more recent information security innovations is the Control Correlation Identifier, or CCI.

RMF STIGs

Read Article

March 13, 2015

Security Control Spotlight: The PM Family

The Beatles were comprised of how many musicians? Easy, right? They were called the “Fab Four”, so there were definitely 4.

RMF Cybersecurity

Read Article

March 11, 2015

RMF Transition: What do I Really Need to Know?

It’s hard to believe it’s been a whole year since the publication of DoD Instruction (DoDI) 8510.01 in March of 2014, which officially began the transition…

RMF DoD Compliance

Read Article

January 27, 2015

Spotlight: Information Security Continuous Monitoring

No longer just a technical issue, instead a strategic program to manage cybersecurity risk. Targeted cyber attacks are a strategic organizational problem.

RMF Cybersecurity

Read Article

November 13, 2014

Security Control Spotlight: By the Numbers

In this issue’s “Spotlight”, we’re not going to focus on any specific controls or families, but rather on a comparison of RMF controls and DIACAP controls.

RMF Cybersecurity

Read Article

November 5, 2014

Top Ten: Sources of RMF Policy and Guidance

RMF-related policies and guidance come from a plethora of sources within the seemingly-convoluted federal landscape.

RMF NIST

Read Article

October 31, 2014

Significant Update to NIST SP 800-53A

At long last, NIST has finally released a draft copy of the updated version of SP 800-53A, entitled Assessing Security and Privacy Controls in Federal…

NIST RMF

Read Article

October 16, 2014

Spotlight: Transitioning to the Risk Management Framework (RMF)

With the publication of revised DoD Instruction 8510.01, adoption of the Risk Management Framework (RMF) by DoD has begun.

RMF DoD Compliance

Read Article

August 21, 2014

RMF Training: Better Price. Better Delivery. Best Results.

The DoD has announced that RMF for DoD IT will supercede the current DIACAP requirements.

RMF Training

Read Article

July 21, 2014

Security Control Spotlight: Organization-Defined Parameters

Under RMF, NIST SP 800-53 is the primary source for security controls. If we compare these controls to the DoDI 8500.2 IA controls used in DIACAP, several…

RMF Cybersecurity

Read Article

July 18, 2014

Top Ten: Ensuring a Smooth Transition to RMF

Now that DoD has “officially” begun its adoption of “RMF for DoD IT”, let’s take a look at some of the things your organization can do to ensure a smooth…

RMF DoD Compliance

Read Article

April 22, 2014

What are the Steps in the Risk Management Framework Process?

The Risk Management Framework (RMF) is a seven-step process defined by NIST SP 800-37 and mandated for all federal and DoD information systems.

RMF

Read Article

April 10, 2014

Top 10 Things that Will Be Staying the Same with RMF

As DoD begins its transition from DIACAP to Risk Management Framework for DoD IT, everyone is naturally focused on all the things that will be…

RMF DoD Compliance

Read Article

April 9, 2014

RMF Documents and Resources

For your convenience, ITdojo has assembled the following collection of RMF-related government publications.

RMF NIST

Read Article

April 8, 2014

Top Ten: What’s “new” in RMF for DoD IT?

Now that DoD has “officially” begun its adoption of RMF, let’s take a look at some of the things that are “new”! 10. Cybersecurity.

RMF DoD Compliance

Read Article

April 7, 2014

Continuous Monitoring: It’s Not (Just) About The Tools

by Annette Leonard BAI Consulting Continuous Monitoring has long been recognized as a critical element in maintaining a strong security posture for any IT…

Cybersecurity RMF

Read Article

May 20, 2011

The Debate Surrounding Section 6.5.4.1

The IANA (Internet Assigned Number Authority) distributes IPv6 address to RIR's (Regional Internet Registry's) around the world.

RMF DoD Compliance

Read Article

RMF

DoD 8140 vs DoD 8570: What Federal IT Professionals Need to Know

RMF Alignment with ISC2’s CGRC Exam

Strengthening Cybersecurity: Navigating the Risk Management Framework for DoD IT

Navigating the Risk Management Framework (RMF) for DoD and Government Agencies

NIST SP 800-53: WHAT’S THE DELTA FROM REV. 4 TO REV. 5?

RISK MANAGEMENT FRAMEWORK (RMF) TOMORROW: TRUTH OR FICTION?

DoD Transition to NIST SP 800-53 Rev 5 … Why is it Taking so Long?

Risk. What to Do With It.

RMF Across the Government Landscape

NIST Rev. 5 Supplemental Materials

Welcome, Step 0

Ask Dr. RMF!

The Expanding Role of eMASS

Ask Dr. RMF

Security Control Inheritance

NIST 800-37 Rev 2: It’s Official!

Powerful but not well understood: Reciprocity, Type Authorization, and Assess Only

Is RMF Broken? Can it be fixed or is it beyond repair?

NIST 800-37 Rev. 2

NIST Updates RMF to Incorporate Privacy Considerations

RMF and the Defense Security Service (DSS)

Is Your System a National Security System (NSS)? and How Does That Affect RMF Efforts?

RMF: Is It Effective?

Continuous Monitoring Today: And Tomorrow

Security Control Spotlight: Inheritance from a FedRAMP Approved CSP

NIST SP 800-53 Rev 5: Big Changes Coming?

Top Ten: Things You Should Know about eMASS

Security Control Spotlight: Training

Top Ten: Documentation Recommendations

Security Control Spotlight: Contingency Planning

Top Ten RMF Pitfalls Revisited

Understanding the Authorization Decision

Top Ten: RMF “Lessons Learned”

Security Control Baseline “Tabletop Review”

Security Control Spotlight: Inheritance

Security Control Spotlight: STIGs and Controls

Building A Security Control Baseline “Step-by-Step”

Top Ten: Questions for your Authorizing Official

System Scans in eMASS … Think Before You Upload!

Security Control Spotlight: A Little Good News?

RMF’s System Categorization: Step by Step

Common Controls and Inheritance

FAQ: How Comprehensive is your RMF for DoD IT Course?

Security Control Spotlight: Privacy Overlay

System Categorization-Take the Time to Get it Right

Post Training Support on our RMF classes!

Why NIST’s Free Online RMF Training is Not Enough

What Are CCIs and Why Should I Care About Them?

Security Control Spotlight: The PM Family

RMF Transition: What do I Really Need to Know?

Spotlight: Information Security Continuous Monitoring

Security Control Spotlight: By the Numbers

Top Ten: Sources of RMF Policy and Guidance

Significant Update to NIST SP 800-53A

Spotlight: Transitioning to the Risk Management Framework (RMF)

RMF Training: Better Price. Better Delivery. Best Results.

Security Control Spotlight: Organization-Defined Parameters

Top Ten: Ensuring a Smooth Transition to RMF

What are the Steps in the Risk Management Framework Process?

Top 10 Things that Will Be Staying the Same with RMF

RMF Documents and Resources

Top Ten: What’s “new” in RMF for DoD IT?

Continuous Monitoring: It’s Not (Just) About The Tools

The Debate Surrounding Section 6.5.4.1

All Topics

Need Training?

Get More Information