Notable Enhancements to the New Version of NIST SP 800-53

As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST). If you are unfamiliar with NIST, it is an organization that produces many publications including the well-respected Special Publication SP 800… Continue reading Notable Enhancements to the New Version of NIST SP 800-53

Integrating the Risk Management Framework (RMF) with DevOps

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cyber… Continue reading Integrating the Risk Management Framework (RMF) with DevOps

Revisiting the Risk Management Framework in Light of Revision 2

It doesn’t seem very long ago that I was writing about the newly released Risk Management Framework (RMF) and explaining the value of NIST SP 800-37 to our clients. With RMF Revision 2 just recently published in December of 2018, I thought it wou… Continue reading Revisiting the Risk Management Framework in Light of Revision 2

How to Apply the Risk Management Framework (RMF)

What is the Risk Management Framework? The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,… Continue reading How to Apply the Risk Management Framework (RMF)