Security Control Spotlight—Privacy Overlay

By Lon J. Berman, CISSP According to NIST Special Publication (SP) 800-53, an overlay is a “fully specified set of security controls, control enhancements and supplemental guidance derived from the application of tailoring guidance to security control baselines”. The intent is to streamline the process of developing a security control set for specific communities of interest. The Committee on National Security Systems (CNSS) website, www.cnss.gov,…

DoD (Finally) Begins Transition to RMF

By Lon J. Berman, CISSP BAI Consulting The wait is over! RIP DIACAP!! At long last, DoD has announced the start of transition from the legacy DIACAP Certification and Accreditation (C&A) Program to the Risk Management Framework (RMF). This transition is part of a broader effort to bring all Executive Branch departments and agencies ……

Continuous Monitoring—It’s Not (Just) About The Tools

by Annette Leonard BAI Consulting Continuous Monitoring has long been recognized as a critical element in maintaining a strong security posture for any IT system.  In spite of this, the risk management processes used in most federal agencies have traditionally been centered around mountains of paperwork, along with “point-in-time” assessments and approvals.  With the ascension…

DIACAP Says “So Long”

On March 12, 2014 the DoD released a new policy that makes it official that the DoD Information Assurance Certification and Accreditation Process (DIACAP) is being put to bed in favor of a “new” Risk Management Framework (RMF).  The news is not a revelation as it has been in the works for a few years…