Collaborate Disseminate
As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST). If you are unfamiliar with NIST, it is an organization that produces many publications including the well-respected Special Publication SP 800… Continue reading Notable Enhancements to the New Version of NIST SP 800-53
If you made a motor out of a magnet, a wire coil, and some needles, you probably remember that motors and generators depend on a rotating magnetic field. Once you know how it works, the concept is pretty simple, but did you ever wonder who worked it all out to …read more
Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cyber… Continue reading Integrating the Risk Management Framework (RMF) with DevOps
It doesn’t seem very long ago that I was writing about the newly released Risk Management Framework (RMF) and explaining the value of NIST SP 800-37 to our clients. With RMF Revision 2 just recently published in December of 2018, I thought it wou… Continue reading Revisiting the Risk Management Framework in Light of Revision 2
Over the next few weeks, I plan to post about the RMF process. This will piggy back on and expand upon the article: My Experience with the DoD Version of the RMF. A little background on how the DoD got to the RMF. For those that have been a… Continue reading DoD RMF Part 1: How We Got to the RMF
Last month I posted some information on several information security framework/standards being updated and sense then there have been updated on all of them. So here we go:
NIST CSF v1.1. The second draft was released at the end of 2017, a… Continue reading March Updates on Frameworks & Standards
What is the Risk Management Framework? The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,… Continue reading How to Apply the Risk Management Framework (RMF)