Risk Management Framework Articles

The Common Control Conundrum

What are Common Controls? Common controls are security controls that can support multiple information systems efficiently and effectively as a common capability. They typically define the foundation of a system security plan. Common controls are the security controls you need to do the most work to identify when developing your risk-based cybersecurity strategy and your system...

Think INSIDE the Box

Data Residency and Risk Management Data residency analysis is the process of determining the physical or geographic location of the data and digital artifacts that reside in your information system.  Luckily data residency for US public sector agencies is well defined.  The data and information resources of US government systems it needs to reside within...

Know Your Boundary

Do You Know Your RMF Boundaries? The first step in the six step risk management framework (RMF) process is categorizing your system.  The first step in categorizing your system is establishing the system boundary.  The boundaries of your system and how you categorize it will  drive your risk management strategy.  Your risk management strategy in...

What is ATO as a Service™?

The process to obtain a FedRAMP/Risk Management Framework (RMF) Authority To Operate (ATO) is very time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an innovative Software as a Service (SaaS) that expedites FedRAMP/RMF processes, auto-generates authorization package documents, and automates continuous monitoring for your Microsoft Cloud-hosted information systems. cFocus Software has...

RMF, Security Plans, POAMs: All Dynamic

Anyone who has ever used the Risk Management Framework (RMF) in two or more different organizations can attest to how dynamic RMF, Security Plans, and Plans of Action and Milestones (POAMs) are. They are so dynamic, in fact, that no two organizations utilize them the same. That’s one of the things that Information Assurance professionals...

2 Vulnerabilities That Can Affect Your System ATO

The foundation of risk-based cybersecurity using the Risk Management Framework (RMF) is designing, developing and deploying resilient systems.  Resilient systems have the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on your information resources. One of the most important steps toward cyber resilience is practicing good cybersecurity hygiene,...